Logical Methods in Computer Science 
Vol. 6 (3:21) 2010, pp. 1-27 
www.lmcs-online.org 



Submitted Oct. 29, 2009 
Published Sep. 7, 2010



WELL-DEFINEDNESS OF STREAMS 
BY TRANSFORMATION AND TERMINATION 



HANS ZANTEMA 

Department of Computer Science, TU Eindhoven, P.O. Box 513, 5600 MB Eindhoven, The Netherlands, and

Institute for Computing and Information Sciences, Radboud University, Nijmegen, P.O. Box 9010, 
6500 GL Nijmegen, The Netherlands 
e-mail address: H.Zantema@tue.nl 



Abstract. Streams are infinite sequences over a given data type. A stream specification 
is a set of equations intended to define a stream. 

We propose a transformation from such a stream specification to a term rewriting 
system (TRS) in such a way that termination of the resulting TRS implies that the stream
specification is well-defined, that is, admits a unique solution. As a consequence, proving 
well-definedness of several interesting stream specifications can be done fully automatically 
using present powerful tools for proving TRS termination. 

In order to increase the power of this approach, we investigate transformations that 
preserve semantics and well-definedness. We give examples for which the above mentioned 
technique applies for the transformed specification while it fails for the original one. 



1. Introduction 

Streams are among the simplest data types in which the objects are infinite. We 
consider streams to be maps from the natural numbers to some data type D. Streams have 
been studied extensively, e.g., in \T\. The basic constructor for streams is the operator ':' 
mapping a data element d and a stream s to a new stream d : s by putting d in front of s. 
Using this operator we can define streams by equations. For instance, the stream zeros only
consisting of 0's can be defined by the single equation zeros = 0 : zeros. More complicated
streams are defined using stream functions. For instance, the boolean Fibonacci stream Fib
is defined as the limit of the strings $\phi_i$ where $\phi_1 = 1$, $\phi_2 = 0$,
$\phi_{i+2} = \phi_{i+1}\phi_i$ for $i \geq 1$, showing the relationship with Fibonacci numbers.
For $f$ being the function replacing every 0 by 01 and every 1 by 0, one easily proves by
induction on $n$ that $f(\phi_n) = \phi_{n+1}$ for all $n \geq 1$. As Fib is the limit of these
strings, Fib is a fix point of this function $f$ on boolean streams. So the function $f$ and
Fib satisfy the three equations

$f(0 : \sigma) = 0 : 1 : f(\sigma)$,
$f(1 : \sigma) = 0 : f(\sigma)$,
$\mathrm{Fib} = f(\mathrm{Fib})$,

for all boolean streams $\sigma$. In this paper we consider stream specifications consisting of such
a set of equations. We address the most fundamental question one can think of: is the 
intended stream uniquely defined by these equations? More precisely, does such a set of 
equations admit a unique solution as constants and functions on streams? So in particular 
for Fib: is the boolean stream Fib uniquely defined by the three equations we gave? We 
will call this well-defined, and we will show that for the equations for Fib this indeed holds. 

Although our specification of Fib only consists of a few very simple equations, the 
resulting stream is non-periodic and has remarkable properties. For instance, one can 
make a turtle visualization as follows. Choose an initial drawing direction and traverse the 
elements of the stream Fib as follows: if the symbol 0 is read then the drawing direction is
moved 120 degrees to the right; if the symbol 1 is read then the drawing direction is moved 
30 degrees to the left. In both cases after doing so a line of unit length is drawn. Then 
after 100.000 steps the following picture is obtained.

Another turtle visualization of Fib with different parameters was given in [19]. For
turtle visualizations of similar stream specifications we refer to

http://www.win.tue.nl/~hzantema/str.html.

To show that well-definedness does not always hold, observe that the function $f$ defined by

$f(0 : \sigma) = 1 : f(\sigma)$, $f(1 : \sigma) = 0 : f(\sigma)$

has no fixpoints, that is, adding an equation $c = f(c)$ yields no solution for $c$. On the other
hand, the function $f$ defined by

$f(0 : \sigma) = 0 : f(\sigma)$, $f(1 : \sigma) = 1 : f(\sigma)$

is the identity with infinitely many fixpoints, yielding infinitely many solutions of the
equation $c = f(c)$. Finally, the function $f$ defined by

$f(0 : \sigma) = 0 : 1 : f(\sigma)$, $f(1 : \sigma) = 1 : 0 : f(\sigma)$

has exactly two fixpoints: the Thue-Morse stream and its inverse.

Our approach to prove well-definedness of stream specifications is based on the following 
idea. Derive rewrite rules from the equations in such a way that by these rules the n-th 
element of the stream can be computed for every n. The term rewriting systems (TRS) 
consisting of these rules will be orthogonal by construction, so if the computation yields a 
result, this result will be unique. So the remaining key point is to show that the computation 
always yields a result, which is the case if the TRS is terminating. The past ten years showed 
up a remarkable progress in techniques and implementations for proving termination of 
TRSs [21[71[T1]. One of the objectives of this paper is to exploit this power for proving well- 
definedness of stream specifications. In our approach we introduce fresh operators head 
and tail intended to observe streams. We present a transformation of the specification to its 
observational variant. This is a TRS mimicking the stream specification in such a way that 
head or tail applied on any stream constant or stream function can always be rewritten.
In particular for a stream term $t$ it serves for computing $\mathrm{head}(\mathrm{tail}^{n-1}(t))$, representing the
n-th element of t. So not only a proof of well-definedness is provided, our approach also 
yields an algorithm to compute the n-th element of any stream term, for any n. 

This transformation is straightforward and easy to implement; an implementation for 
boolean stream specifications is discussed in Section [6].

The main result of this paper states that if the observational variant of a stream spec- 
ification is terminating, then the stream specification is well-defined. It turns out that for 
several interesting cases termination of the observational variant of a specification can be 
proved by termination tools like AProVE [6] or TTT2 [10]. This provides a new technique to
prove well-definedness of stream specifications fully automatically, applying for cases where 
earlier approaches fail. Our main result appears in two variants: 

• a variant restricting to ground terms for general stream specifications (Theorem 5.1), and 

• a variant generalizing to all streams for stream specifications not depending on particular 
data elements (Theorem 7.1). 

By an example we show that the approach does not work for general stream specifications 
and functions applied on all streams. Moreover, we show that our technique is not complete: 
the fix point definition of the Fibonacci stream Fib as we just gave is a well-defined stream 
specification for which the observational variant is non-terminating. However, we will also 
investigate transformations from stream specifications to stream specifications preserving
semantics, so also preserving well-definedness. Applying such a transformation to our
specification of Fib gives an alternative specification specifying the same stream Fib, but for
which the observational variant is terminating, to be proved automatically by a termina- 
tion tool. In this way we prove well-definedness of Fib with respect to the original stream 
specification. More general, applying such semantics preserving transformations increases 
the power of our approach to prove well-definedness of stream specifications. 

Proving well-definedness in stream specification is closely related to proving equality 
of streams. A standard approach for this is co-induction [16]: two streams or stream
functions are equal if a bisimulation can be found between them. Finding such an arbitrary 
bisimulation is a hard problem in the general setting, but restricting to circular co-induction 
[8t [T3] finding this automatically is tractable. A strong tool doing so is Circ [ISIllj. The 
tool Circ focuses on proving equality, but proving well-definedness of a function $f$ can also
be proved by equality as long as the equations for $f$ are orthogonal: take a copy $f'$ of $f$
with the same equations, and prove $f' = f$. Here orthogonality is essential: if for instance
a stream $c$ has two rules $c = 0 : c$ and $c = 1 : c$, then the system is non-orthogonal and
admits every boolean stream as a solution, while by having a copy $c'$ with the same rules
one can prove $c = c'$ by only using the rules $c = 0 : c$ and $c' = 0 : c'$.

The input format of Circ differs from what we call stream specifications: in order to fit
in the co-induction approach head and tail are already building blocks and the Circ input
is essentially the same as what we call the observational variant. Our implementation as 
discussed in Section [6] offers the facility to transform a stream specification to Circ format, 
and also generate the equalities representing well-definedness in Circ format. For very simple 
examples the equalities can be proved automatically by Circ, but for several small stream 
specifications Circ fails while our approach succeeds in proving well-definedness. Conversely 
our approach can be helpful to prove equality of two streams: if one stream satisfies the 
specification of the other one, and both specifications are well-defined, then the streams are 
equal. 

Another closely related topic is productivity of stream specifications, as studied by [3]. 
Productive stream specifications are always well-defined. Conversely we will give an example 
(Example [4]) of a stream specification that is well-defined, but not productive. Our format 
of stream specifications is strongly inspired by [3]. In [3] a technique has been developed for
establishing productivity of single ground terms fully automatically for a restricted class of 
stream specifications. In particular, only a mild type of nesting in the right-hand sides of 
the equation is allowed. If these restrictions hold, then the approach yields a full decision 
procedure for productivity, and provides a corresponding implementation by which for a 
wide range of examples productivity can be proved fully automatically. Productivity of a 
single ground term implies well-definedness of that single term. On the other hand, our 
technique often applies where their restrictions do not hold, or for proving well-definedness 
for systems that are not productive. Apart from the technique from [3] there are more results 
on productivity. An approach to prove productivity by means of outermost termination has 
been presented in [21]; a more recent approach using transformations and context-sensitive
termination is presented in [20]. For both these approaches the power of present termination
provers is exploited for proving productivity automatically, similar to what we do in this 
paper for proving well-definedness. 

In [9] well-definedness of a stream specification is claimed if some particular syntactic 
conditions hold, like all right-hand sides of the equations have ":" as its root. Their result 
both follows from our main theorem and from the productivity analysis of [,4J.

Both stream equality [15] and productivity ^7] have been proved to be $\Pi^0_2$-complete,
hence undecidable. By a similar Turing machine construction the same is expected to hold 
for stream well-definedness. 

This paper is an extension of the RTA conference paper [19] and the corresponding tool 
description [18]. Compared to these papers

• some definitions have been slightly modified in order to cover a more general setting, 

• the process of unfolding and other transformations preserving the semantics have been
worked out in detail in Section [3] and Section [8] while in [TJj only some of the ideas were
sketched by examples,

• more examples are given, in particular specifying the paper folding stream and the
Kolakoski stream.

The paper is structured as follows. In Section [2] we present the basics of stream specifications
and their models. In Section [3] we show how a non-proper stream specification can be
unfolded to a proper stream specification preserving semantics and well-definedness. In
Section [4] we define the transformation of a proper stream specification to its observational
variant. In Section [5] we present and prove the main theorem: if the observational variant is
terminating then the specification is well-defined, that is, restricted to ground terms it has
a unique model. In Section [6] we describe our implementation. In Section [7] we show that
the restriction to ground terms in the main theorem may be removed in case the stream 
specification is data independent, that is, left-hand sides of equations do not contain data 
values. In Section [8] we present requirements on transformations on stream specifications 
for preserving semantics and well-definedness. In case the observational variant of a stream 
specification is not terminating, or the tools fail to prove termination, then we can apply 
such transformations. Often then the observational variant is terminating, proving not 
only well-definedness of the transformed specification, but also of the original one. One of 
the corresponding examples serves for proving incompleteness of our main theorem. We 
conclude in Section O 

2. Streams: Specifications and Models 

In stream specifications we have two sorts: s (stream) and d (data). We assume the
set $D$ of data elements to consist of the unique normal forms of ground terms over some
signature $\Sigma_d$ with respect to some terminating orthogonal TRS $R_d$ over $\Sigma_d$. Here all
symbols of $\Sigma_d$ are of type $d^n \to d$ for some $n \geq 0$. We assume a particular symbol : having
type $d \times s \to s$. For giving the actual stream specification we need a set $\Sigma_s$ of stream
symbols, each being of type $d^n \times s^m \to s$ for $n, m \geq 0$. Now terms of sort s are defined
inductively as follows:

• a variable of sort s is a term of sort s,

• if $f \in \Sigma_s$ is of type $d^n \times s^m \to s$, $u_1, \ldots, u_n$ are terms over $\Sigma_d$ and $t_1, \ldots, t_m$ are
terms of sort s, then $f(u_1, \ldots, u_n, t_1, \ldots, t_m)$ is a term of sort s,

• if $u$ is a term over $\Sigma_d$ and $t$ is a term of sort s, then $u : t$ is a term of sort s.

Note that we do not allow function symbols with output sort d and input containing sort 
s. One reason for this is that we do not want that distinct data elements are made equal 
by stream equations. 

An equation of sort s is a pair $(\ell, r)$ of terms of sort s, usually written as $\ell = r$.
An equation can also be considered as a rule in a TRS. For basic properties of TRSs we
refer to [3]. In particular, an orthogonal TRS is always confluent, from which it can be
concluded that every term has at most one normal form. Here orthogonal means that the
left-hand sides of the rules are non-overlapping, and every variable occurs at most once in
any left-hand side.

As a notational convention variables of sort d will be denoted by $x, y$, terms of sort d
by $u, u_i$, variables of sort s by $\sigma, \tau$, and terms of sort s by $t, t_i$.

Definition 2.1. A stream specification $(\Sigma_d, \Sigma_s, R_d, R_s)$ consists of $\Sigma_d, \Sigma_s, R_d$ as given
before, and a set $R_s$ of equations over $\Sigma_d \cup \Sigma_s \cup \{:\}$ of sort s.

A stream specification $(\Sigma_d, \Sigma_s, R_d, R_s)$ is called proper if all equations in $R_s$ are of the
shape

$f(u_1, \ldots, u_n, t_1, \ldots, t_m) = t$,

where

• $f \in \Sigma_s$ is of type $d^n \times s^m \to s$,

• for every $i = 1, \ldots, m$ the term $t_i$ is either a variable of sort s, or $t_i = x : \sigma$ where $x$ is a
variable of sort d and $\sigma$ is a variable of sort s,

• $t$ is any term of sort s,

• $R_s \cup R_d$ is orthogonal,

• Every term of the shape $f(u_1, \ldots, u_n, u_{n+1} : t_1, \ldots, u_{n+m} : t_m)$ for $f \in \Sigma_s$ of type
$d^n \times s^m \to s$, and $u_1, \ldots, u_{n+m} \in D$ matches with the left-hand side of an equation from
$R_s$.

Some parts in this definition allow modification, but for being a basis for the rest of our 
theory we fix this choice. All of our examples are on boolean streams, but by allowing data 
to be ground normal forms of a data TRS, the setting is much more general. 

Sometimes we call $R_s$ a stream specification: in that case $\Sigma_d$, $\Sigma_s$ consist of the symbols
of sort d, s, respectively, occurring in $R_s$, and $R_d = \emptyset$.

Example 1. For specifying the Thue-Morse sequence the data elements are 0, 1, and a data
operation not is used. The data rewrite system $R_d$ consists of the two rules $\mathrm{not}(0) \to 1$ and
$\mathrm{not}(1) \to 0$. The set $R_s$ consists of the equations

$\mathrm{morse} = 0 : \mathrm{zip}(\mathrm{inv}(\mathrm{morse}), \mathrm{tail}(\mathrm{morse}))$
$\mathrm{tail}(x : \sigma) = \sigma$
$\mathrm{inv}(x : \sigma) = \mathrm{not}(x) : \mathrm{inv}(\sigma)$
$\mathrm{zip}(x : \sigma, \tau) = x : \mathrm{zip}(\tau, \sigma)$

This is a proper stream specification.



Definition 2.1 is closely related to the definition of stream specification in [1]. In fact
there are two differences:

• We want to specify streams for every ground term of sort s, while in [3] there is a
designated constant to be specified.

• Our restriction on left-hand sides of $R_s$ in a proper stream specification is stronger than
the exhaustiveness from [3]. However, by introducing fresh symbols and equations for
defining these fresh symbols, every stream specification in the format of [4] can be unfolded
to a proper stream specification in our format. This is worked out in Section [3].

Stream specifications are intended to specify streams for the constants in $\Sigma_s$, and stream
functions for the other elements of $\Sigma_s$. The combination of these streams and stream
functions is what we will call a stream model.

More precisely, a stream over $D$ is a map from the natural numbers to $D$. Write $D^\omega$
for the set of all streams over $D$. In case of $\#D = 0$ we have $D^\omega = \emptyset$; in case of $\#D = 1$ we
have $\#D^\omega = 1$. So in non-degenerate cases we have $\#D \geq 2$.

It seems natural to require that stream functions in a stream model are defined on all
streams. However, it turns out that several desired properties do not hold when requiring
this. Therefore we allow stream functions to be defined on some set $S \subseteq D^\omega$ for which every
ground term can be interpreted in $S$.

Definition 2.2. A stream model is defined to consist of a set $S \subseteq D^\omega$ and a set of functions
$[f]$ for every $f \in \Sigma_s$, where $[f] : D^n \times S^m \to S$ if the type of $f \in \Sigma_s$ is $d^n \times s^m \to s$.

For a ground term $u$ over $\Sigma_d$ write $\mathrm{NF}(u)$ for its $R_d$-normal form. We write $T_s$ for the
set of ground terms of sort s over $\Sigma_d \cup \Sigma_s \cup \{:\}$. For $t \in T_s$ the stream interpretation $[t]$ in
the stream model $(S, ([f])_{f \in \Sigma_s})$ is defined inductively by:

$[f(u_1, \ldots, u_n, t_1, \ldots, t_m)] = [f]([u_1], \ldots, [u_n], [t_1], \ldots, [t_m])$ for $f \in \Sigma_s$
$[f(u_1, \ldots, u_n)] = \mathrm{NF}(f(u_1, \ldots, u_n))$ for $f \in \Sigma_d$
$[u : t](0) = [u]$
$[u : t](i) = [t](i - 1)$ for $i > 0$

for all ground terms $u, u_i$ of sort d and all ground terms $t, t_i$ of sort s.
So in a stream model: 

• every data operator is interpreted by its corresponding term constructor, after which the 
result is reduced to normal form, 

• every stream operator $f$ is interpreted by the given function $[f]$, and

• the operator : applied on a data element $d$ and a stream $s$ is interpreted by putting $d$ on
the first position and shifting every stream element of $s$ to its next position.

Any stream model $(S, ([f])_{f \in \Sigma_s})$ can be restricted to a stream model $(S', ([f])_{f \in \Sigma_s})$ satisfying
$S' \subseteq S$ and $S' = \{[t] \mid t \in T_s\}$; note that from $S' = \{[t] \mid t \in T_s\}$ we conclude that $S'$ is
closed under $[f]$ for every $f \in \Sigma_s$.

Definition 2.3. A stream model $(S, ([f])_{f \in \Sigma_s})$ is said to satisfy a stream specification
$(\Sigma_d, \Sigma_s, R_d, R_s)$ if $[\ell\rho] = [r\rho]$ for every equation $\ell = r$ in $R_s$ and every ground substitution
$\rho$. We also say that the specification admits the model.

If a stream model $(S, ([f])_{f \in \Sigma_s})$ satisfies a stream specification, then the stream model
$(S', ([f])_{f \in \Sigma_s})$ defined by $S' = \{[t] \mid t \in T_s\}$ satisfies the same stream specification by
definition.

Definition 2.4. A stream specification is well-defined if there is exactly one stream model
$(S, ([f])_{f \in \Sigma_s})$ satisfying the stream specification for which $S = \{[t] \mid t \in T_s\}$.

One can wonder why to restrict to $S = \{[t] \mid t \in T_s\}$. Another option would be simply
state $S = D^\omega$. However, sometimes restricting to ground terms yields a unique model,
while functions applied on arbitrary streams are not unique. In Example [3] we will see an
example of this phenomenon. By restricting to interpretations of ground terms and ignoring
unreachable streams, we arrived at our definition of well-definedness.

Not every proper stream specification is well-defined: if $\#D > 1$ and $R_s$ only consists
of the equation $c = c$ then every stream $[c]$ satisfies the specification. Less trivial is the
boolean stream specification

$c = 0 : f(c)$, $f(x : \sigma) = \sigma$,

in which $[f]$ can be chosen to be the tail function and $[c]$ be any stream starting with 0,
yielding several stream models. There are also proper stream specifications with no model,
for instance

$c = f(c)$, $f(x : \sigma) = g(x, \sigma)$,
$g(0, \sigma) = 1 : \sigma$, $g(1, \sigma) = 0 : \sigma$.

Here $[f(c)]$ starts with 1 if $[c]$ starts with 0, and conversely, contradicting $[c] = [f(c)]$.

3. Unfolding Stream Specifications 

The specification of the function $f$

$f(0 : \sigma) = 0 : 1 : f(\sigma)$, $f(1 : \sigma) = 0 : f(\sigma)$

in the introduction to define Fib does not meet the requirements of a proper stream
specification since the argument $0 : \sigma$ in the left-hand side $f(0 : \sigma)$ is not of the right shape.
Introducing a fresh symbol $g$ and unfolding yields

$f(x : \sigma) = g(x, \sigma)$
$g(0, \sigma) = 0 : 1 : f(\sigma)$
$g(1, \sigma) = 0 : f(\sigma)$

satisfying the requirements of a proper stream specification. In this section we precisely
define this unfolding and show that it does not influence well-definedness.

Let $(\Sigma_d, \Sigma_s, R_d, R_s)$ be a stream specification in which $R_s$ contains an equation

$f(u_1, \ldots, u_n, t_1, \ldots, t_m) = t$,

where $f \in \Sigma_s$ is of type $d^n \times s^m \to s$, and for some $i \in \{1, \ldots, m\}$ the term $t_i$ is of the shape
$t_i = u : t'$ where not both $u$ and $t'$ are variables, so the stream specification is not proper.
Then the unfolded stream specification on $f$ on position $i$, denoted as $\mathrm{Unf}_{f,i}(\Sigma_d, \Sigma_s, R_d, R_s)$,
is obtained by adding a fresh symbol $g$ of type $d^{n+1} \times s^m \to s$ to $\Sigma_s$, adding an equation

$f(x_1, \ldots, x_n, \sigma_1, \ldots, x_{n+1} : \sigma_i, \ldots, \sigma_m) = g(x_1, \ldots, x_{n+1}, \sigma_1, \ldots, \sigma_m)$

to $R_s$, where $x_{n+1} : \sigma_i$ is in the $i$-th stream position of $f$, and in which every equation in
$R_s$ of the shape

$f(u_1, \ldots, u_n, t_1, \ldots, u : t', \ldots, t_m) = t$

where $u : t'$ is on the $i$-th stream position of $f$, is replaced by

$g(u_1, \ldots, u_n, u, t_1, \ldots, t', \ldots, t_m) = t$,

where $t'$ is on the $i$-th stream position of $g$.

Applying $\mathrm{Unf}_{f,1}$ on the Fib stream specification from the introduction yields

$f(x : \sigma) = g(x, \sigma)$
$g(0, \sigma) = 0 : 1 : f(\sigma)$
$g(1, \sigma) = 0 : f(\sigma)$
$\mathrm{Fib} = f(\mathrm{Fib})$

which is indeed a proper stream specification.
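
The unfolding step just applied to Fib can be written out mechanically. The following Python sketch is an added example, not code from the paper or its tool; the tuple encoding of terms, the function names unfold, stream_args_proper and show, and the fresh variable names x1, s1 are assumptions made here. It checks only the argument-shape condition of Definition 2.1, not orthogonality or exhaustiveness.

```python
# Terms: a variable is a str; an application is a tuple (symbol, arg1, ..., argk).
CONS = ':'

def is_var(t):
    return isinstance(t, str)

# Constructed encoding of the (non-proper) Fib specification from the introduction.
ZERO, ONE = ('0',), ('1',)
FIB = [
    (('f', (CONS, ZERO, 's')), (CONS, ZERO, (CONS, ONE, ('f', 's')))),  # f(0:s) = 0:1:f(s)
    (('f', (CONS, ONE, 's')), (CONS, ZERO, ('f', 's'))),                # f(1:s) = 0:f(s)
    (('Fib',), ('f', ('Fib',))),                                        # Fib = f(Fib)
]

def unfold(spec, f, n_data, i, g):
    """Unf_{f,i}: f takes n_data data arguments first; i is the 1-based stream position;
    g is the fresh symbol. Returns the new list of equations."""
    pos = n_data + i                      # index of that argument inside the term tuple
    arity = next(len(lhs) - 1 for lhs, _ in spec if lhs[0] == f)
    m = arity - n_data
    xs = tuple('x%d' % k for k in range(1, n_data + 2))   # x1 .. x_{n+1}
    ss = tuple('s%d' % k for k in range(1, m + 1))        # s1 .. s_m
    f_args = list(xs[:n_data] + ss)
    f_args[pos - 1] = (CONS, xs[n_data], ss[i - 1])       # x_{n+1} : s_i at position i
    out = [((f,) + tuple(f_args), (g,) + xs + ss)]        # the added equation f(..) = g(..)
    for lhs, rhs in spec:
        arg = lhs[pos] if lhs[0] == f else None
        if arg is not None and not is_var(arg) and arg[0] == CONS:
            u, t1 = arg[1], arg[2]
            # f(u1..un, t1, .., u:t', .., tm) = t  becomes  g(u1..un, u, t1, .., t', .., tm) = t
            new_lhs = ((g,) + lhs[1:n_data + 1] + (u,)
                       + lhs[n_data + 1:pos] + (t1,) + lhs[pos + 1:])
            out.append((new_lhs, rhs))
        else:
            out.append((lhs, rhs))
    return out

def stream_args_proper(spec):
    """Shape condition of Definition 2.1: every ':' argument of a left-hand side
    must be x : sigma with both x and sigma variables."""
    return all(is_var(a[1]) and is_var(a[2])
               for lhs, _ in spec for a in lhs[1:]
               if not is_var(a) and a[0] == CONS)

def show(t):
    """Render a term in the paper's notation."""
    if is_var(t):
        return t
    if t[0] == CONS:
        return '%s : %s' % (show(t[1]), show(t[2]))
    return t[0] + ('(%s)' % ', '.join(map(show, t[1:])) if len(t) > 1 else '')

if __name__ == '__main__':
    for lhs, rhs in unfold(FIB, 'f', 0, 1, 'g'):
        print(show(lhs), '=', show(rhs))
```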

In general, for every exhaustive stream specification in the sense of by repeatedly 
applying $\mathrm{Unf}_{f,i}$ for various $f, i$, as long as an equation of the shape
$f(u_1, \ldots, u_n, t_1, \ldots, u : t', \ldots, t_m) = t$ exists for which not both $u$ and $t'$ are variables,
a proper stream specification in our sense can be obtained.

In order to justify this unfolding it remains to prove that the original stream
specification is well-defined if and only if the unfolded variant is well-defined, and in case of
well-definedness they define the same. More precisely, we prove that the transformation
$\mathrm{Unf}_{f,i}$ preserves semantics, defined as follows.

Definition 3.1. A transformation ^ mapping a stream specification $(\Sigma_d, \Sigma_s, R_d, R_s)$ to
$(\Sigma_d, \Sigma'_s, R_d, R'_s)$ satisfying $\Sigma_s \subseteq \Sigma'_s$ is said to preserve semantics if

• $(\Sigma_d, \Sigma_s, R_d, R_s)$ is well-defined if and only if $(\Sigma_d, \Sigma'_s, R_d, R'_s)$ is well-defined, and

• If $(\Sigma_d, \Sigma_s, R_d, R_s)$ is well-defined with corresponding model $(S, [\cdot])$, and $(S', [\cdot]')$ is the
model corresponding to $(\Sigma_d, \Sigma'_s, R_d, R'_s)$, then $[t] = [t]'$ for all ground terms of sort s over

Obviously, preservation of semantics is closed under composition of such transformations. 

We prove that $\mathrm{Unf}_{f,i}$ preserves semantics in two steps: first we only add the equation
for the fresh symbol $g$, and then we do the replacement of the $f$-equations by $g$-equations.
For each of these two steps we show by a more general lemma that semantics is preserved.

Lemma 3.2. Let $(\Sigma_d, \Sigma_s, R_d, R_s)$ be a stream specification. Let $g \notin \Sigma_s$ be of type
$d^{n+1} \times s^m \to s$. Let $R'_s$ be the union of $R_s$ and an equation

$t = g(x_1, \ldots, x_{n+1}, \sigma_1, \ldots, \sigma_m)$

in which the symbol $g$ does not occur in $t$, and $t$ does not contain variables other than
$x_1, \ldots, x_{n+1}, \sigma_1, \ldots, \sigma_m$. Then transforming $(\Sigma_d, \Sigma_s, R_d, R_s)$ to $(\Sigma_d, \Sigma_s \cup \{g\}, R_d, R'_s)$
preserves semantics.

Proof. First assume that the stream model $(S, ([f])_{f \in \Sigma_s})$ satisfies the stream specification
$(\Sigma_d, \Sigma_s, R_d, R_s)$ and $S = \{[t] \mid t \in T_s\}$. For $s_1, \ldots, s_m \in S$ choose $t_1, \ldots, t_m \in T_s$ such that
$s_i = [t_i]$ for $i = 1, \ldots, m$. Now for $d_1, \ldots, d_{n+1} \in D$ define

$[g](d_1, \ldots, d_{n+1}, s_1, \ldots, s_m) = [t\rho]$

for $\rho$ defined by $\rho(x_i) = d_i$ for $i = 1, \ldots, n+1$ and $\rho(\sigma_i) = s_i$ for $i = 1, \ldots, m$. Due to the
compositional shape of the definition of $[f]$ for $f \in \Sigma_s$ this definition of $g$ is independent of
the choice of $t_1, \ldots, t_m \in T_s$. By construction this yields a stream model $(S, ([f])_{f \in \Sigma_s \cup \{g\}})$
satisfying $(\Sigma_d, \Sigma_s \cup \{g\}, R_d, R'_s)$ and $S = \{[t] \mid t \in T_s\}$, where in the latter $T_s$ stands for
ground terms including the symbol $g$.

Conversely, assume we have a stream model $(S, ([f])_{f \in \Sigma_s \cup \{g\}})$ satisfying
$(\Sigma_d, \Sigma_s \cup \{g\}, R_d, R'_s)$ and $S = \{[t] \mid t \in T_s\}$. Then by ignoring $g$ it is also a stream model
satisfying $(\Sigma_d, \Sigma_s, R_d, R_s)$. Due to the shape of the equation containing $g$, for every ground
term $t'$ containing $g$ there is a ground term $t''$ not containing $g$ satisfying $[t''] = [t']$. So we
also have $S = \{[t] \mid t \in T_s\}$ for $T_s$ standing for the ground terms not containing $g$.

Summarizing, a model for $(\Sigma_d, \Sigma_s, R_d, R_s)$ yields a model for $(\Sigma_d, \Sigma_s \cup \{g\}, R_d, R'_s)$ and
conversely, keeping the same set $S$ and both satisfying $S = \{[t] \mid t \in T_s\}$. This proves
the first requirement of semantics preservation. The second requirement holds since the
interpretations of ground terms are the same in both models. □



In Lemma 3.2 the signature was extended by a fresh symbol, while except for adding
one equation for this fresh symbol, the equations remained the same. In the next lemma
it is the other way around: now the signature remains the same and the equations may be
modified. For a set $R$ of equations we write $=_R$ for the congruence generated by $R$, that is,
the closure of $R$ under substitutions, contexts, reflexivity, symmetry and transitivity.

Lemma 3.3. Let $(\Sigma_d, \Sigma_s, R_d, R_s)$ and $(\Sigma_d, \Sigma_s, R_d, R'_s)$ be stream specifications satisfying
$\ell =_{R'_s} r$ for all $\ell = r$ in $R_s$, and $\ell =_{R_s} r$ for all $\ell = r$ in $R'_s$. Then transforming
$(\Sigma_d, \Sigma_s, R_d, R_s)$ to $(\Sigma_d, \Sigma_s, R_d, R'_s)$ preserves semantics.

Proof. From the given connection between $R_s$ and $R'_s$ it is immediate that a model satisfies
$(\Sigma_d, \Sigma_s, R_d, R_s)$ if and only if it satisfies $(\Sigma_d, \Sigma_s, R_d, R'_s)$. From this the lemma follows. □

Theorem 3.4. The transformation $\mathrm{Unf}_{f,i}$ preserves semantics on stream specifications on
which it is defined.

Proof. The operation $\mathrm{Unf}_{f,i}$ consists of two steps: the addition of an equation generating
$g$ and the replacement of existing equations for $f$. The addition preserves semantics due
to Lemma 3.2. For the replacement Lemma 3.3 applies, for both directions applying the
equation

$f(x_1, \ldots, x_n, \sigma_1, \ldots, x_{n+1} : \sigma_i, \ldots, \sigma_m) = g(x_1, \ldots, x_{n+1}, \sigma_1, \ldots, \sigma_m)$.

As both transformations preserve semantics, the same holds for the composition $\mathrm{Unf}_{f,i}$. □



4. The Observational Variant 

We define a transformation Obs transforming the original set of equations $R_s$ in a
proper stream specification to its observational variant $\mathrm{Obs}(R_s)$, being a TRS. The basic
idea is that the streams are observed by two auxiliary operators head and tail, of which head
picks the first element of the stream and tail removes the first element from the stream, and
that for every i G of type stream both head($t$) and tail($t$) can be rewritten by $\mathrm{Obs}(R_s)$.

The main result of this paper is that if $\mathrm{Obs}(R_s) \cup R_d$ is terminating for a given proper
stream specification $(\Sigma_d, \Sigma_s, R_d, R_s)$, then the specification is well-defined, that is, it
admits a unique model $(S, ([f])_{f \in \Sigma_s})$ satisfying $S = \{[t] \mid t \in T_s\}$. As a consequence, the
specification uniquely defines a corresponding stream $[t]$ for every $t \in T_s$.

We define $\mathrm{Obs}(R_s)$ in two steps. First we define $P(R_s)$ obtained from $R_s$ by modifying
the equations as follows. By definition every equation of $R_s$ is of the shape

$f(u_1, \ldots, u_n, t_1, \ldots, t_m) = t$

where for every $i = 1, \ldots, m$ the term $t_i$ is either a variable of sort s, or $t_i = x : \sigma$ where $x$
is a variable of sort d and $\sigma$ is a variable of sort s. In case $t_i = x : \sigma$ then in the left-hand
side of the equation the subterm $t_i$ is replaced by $\sigma$, while in the right-hand side of the
equation every occurrence of $x$ is replaced by head($\sigma$) and every occurrence of $\sigma$ is replaced
by tail($\sigma$).

For example, the equation for zip in Example [1] will be replaced by

$\mathrm{zip}(\sigma, \tau) \to \mathrm{head}(\sigma) : \mathrm{zip}(\tau, \mathrm{tail}(\sigma))$.

Now we are ready to define Obs.

Definition 4.1. Let $(\Sigma_d, \Sigma_s, R_d, R_s)$ be a proper stream specification; tail $\notin \Sigma_s$. Let $P(R_s)$
be defined as above. Then $\mathrm{Obs}(R_s)$ is the TRS over $(\Sigma_d \cup \Sigma_s) \cup \{:, \mathrm{head}, \mathrm{tail}\}$ consisting of

• the two rules

$\mathrm{head}(x : \sigma) \to x$, $\mathrm{tail}(x : \sigma) \to \sigma$,

• for every rule in $P(R_s)$ of the shape $\ell \to u : t$ the two rules

$\mathrm{head}(\ell) \to u$, $\mathrm{tail}(\ell) \to t$,

• for every rule in $P(R_s)$ of the shape $\ell \to r$ with $\mathrm{root}(r) \neq {:}$ the two rules

$\mathrm{head}(\ell) \to \mathrm{head}(r)$, $\mathrm{tail}(\ell) \to \mathrm{tail}(r)$.

The reason for first transforming $R_s$ to $P(R_s)$ is that for the validity of the main theorem
we need the special shape of the rules of $\mathrm{Obs}(R_s)$ in which apart from the root symbol
head or tail and one symbol from $\Sigma_s$, every left-hand side only consists of variables.

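Example 2. For the set $R_s$ of equations given in Example [1] we rename the symbol tail by
tail0 in order to keep the symbol tail for the fresh symbol introduced in the Obs construction.
Then the TRS $\mathrm{Obs}(R_s)$ consists of the following rules:

$\mathrm{head}(x : \sigma) \to x$
$\mathrm{tail}(x : \sigma) \to \sigma$
$\mathrm{head}(\mathrm{morse}) \to 0$
$\mathrm{tail}(\mathrm{morse}) \to \mathrm{zip}(\mathrm{inv}(\mathrm{morse}), \mathrm{tail0}(\mathrm{morse}))$
$\mathrm{head}(\mathrm{inv}(\sigma)) \to \mathrm{not}(\mathrm{head}(\sigma))$
$\mathrm{tail}(\mathrm{inv}(\sigma)) \to \mathrm{inv}(\mathrm{tail}(\sigma))$
$\mathrm{head}(\mathrm{tail0}(\sigma)) \to \mathrm{head}(\mathrm{tail}(\sigma))$
$\mathrm{tail}(\mathrm{tail0}(\sigma)) \to \mathrm{tail}(\mathrm{tail}(\sigma))$
$\mathrm{head}(\mathrm{zip}(\sigma, \tau)) \to \mathrm{head}(\sigma)$
$\mathrm{tail}(\mathrm{zip}(\sigma, \tau)) \to \mathrm{zip}(\tau, \mathrm{tail}(\sigma))$

Together with the rules $\mathrm{not}(0) \to 1$ and $\mathrm{not}(1) \to 0$ from $R_d$ this TRS is terminating as can
easily be proved fully automatically by AProVE [6] or TTT2 [10]. As a consequence, the
result of this paper states that the specification uniquely defines a stream for every ground
term of type s, in particular for morse.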
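
Definition 4.1 and Example 2 can be replayed in code: the sketch below builds Obs(R_s) from the equations of Example 1 and computes stream elements as head(tail^i(morse)) by rewriting to normal form. It is an added example, not the paper's implementation; the tuple encoding of terms, the function names and the innermost strategy with memoisation are choices made here, and normalisation halts only because this TRS is terminating.

```python
import functools

CONS = ':'

def c(sym, *args):
    """Application term: a tuple (symbol, arg1, ..., argk). Variables are plain strings."""
    return (sym,) + args

# Constructed encoding of Example 1, with the spec's tail renamed tail0 as in Example 2.
# 'x' is a variable of sort d; 's' and 't' are variables of sort s.
SPEC = [
    (c('morse'), c(CONS, c('0'), c('zip', c('inv', c('morse')), c('tail0', c('morse'))))),
    (c('tail0', c(CONS, 'x', 's')), 's'),
    (c('inv', c(CONS, 'x', 's')), c(CONS, c('not', 'x'), c('inv', 's'))),
    (c('zip', c(CONS, 'x', 's'), 't'), c(CONS, 'x', c('zip', 't', 's'))),
]
DATA_RULES = [(c('not', c('0')), c('1')), (c('not', c('1')), c('0'))]  # R_d

def subst(term, env):
    """Apply a substitution simultaneously (replacements are not substituted again)."""
    if isinstance(term, str):
        return env.get(term, term)
    return (term[0],) + tuple(subst(a, env) for a in term[1:])

def p_rule(lhs, rhs):
    """P(R_s): an argument x : sigma of the left-hand side becomes sigma; on the right,
    x becomes head(sigma) and sigma becomes tail(sigma)."""
    env, args = {}, []
    for a in lhs[1:]:
        if isinstance(a, tuple) and a[0] == CONS:
            x, s = a[1], a[2]
            env[x], env[s] = c('head', s), c('tail', s)
            args.append(s)
        else:
            args.append(a)
    return (lhs[0],) + tuple(args), subst(rhs, env)

def obs(spec):
    """Obs(R_s) as in Definition 4.1, as a list of (lhs, rhs) rewrite rules."""
    rules = [(c('head', c(CONS, 'x', 's')), 'x'), (c('tail', c(CONS, 'x', 's')), 's')]
    for lhs, rhs in (p_rule(l, r) for l, r in spec):
        if isinstance(rhs, tuple) and rhs[0] == CONS:      # l -> u : t
            rules += [(c('head', lhs), rhs[1]), (c('tail', lhs), rhs[2])]
        else:                                              # root(r) is not ':'
            rules += [(c('head', lhs), c('head', rhs)), (c('tail', lhs), c('tail', rhs))]
    return rules

def match(pat, term, env):
    """Match a left-linear pattern against a ground term, filling env on success."""
    if isinstance(pat, str):
        env[pat] = term
        return True
    return (term[0] == pat[0] and len(term) == len(pat)
            and all(match(p, t, env) for p, t in zip(pat[1:], term[1:])))

def normalizer(rules):
    """Innermost normalisation of ground terms. The rules are orthogonal, so the normal
    form does not depend on the strategy; the recursion ends only if the TRS terminates."""
    @functools.lru_cache(maxsize=None)
    def nf(term):
        term = (term[0],) + tuple(nf(a) for a in term[1:])
        for lhs, rhs in rules:
            env = {}
            if match(lhs, term, env):
                return nf(subst(rhs, env))
        return term
    return nf

def element(nf, term, i):
    """Element i (counting from 0) of the stream denoted by term: head(tail^i(term))."""
    for _ in range(i):
        term = c('tail', term)
    return nf(c('head', term))[0]

def prefix(n):
    nf = normalizer(obs(SPEC) + DATA_RULES)
    return ''.join(element(nf, c('morse'), i) for i in range(n))

if __name__ == '__main__':
    print(prefix(16))
```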



5. The Main Theorem 

We start this section by presenting our main theorem. 

Theorem 5.1. Let $(\Sigma_d, \Sigma_s, R_d, R_s)$ be a proper stream specification for which the TRS
$\mathrm{Obs}(R_s) \cup R_d$ is terminating. Then the stream specification is well-defined.

Recall that a stream specification is defined to be well-defined if it admits a unique
model $(S, ([f])_{f \in \Sigma_s})$ satisfying $S = \{[t] \mid t \in T_s\}$. Before proving the theorem we show by
an example why it is essential to restrict to $S = \{[t] \mid t \in T_s\}$ rather than choosing $S = D^\omega$.
A degenerate example is obtained if there are no constants of sort s, and hence = 0.
More interesting is the following.

Example 3. Consider the proper boolean stream specification with $R_d = \emptyset$ and $R_s$ consists
of:

$c = 1 : c$
$f(x : \sigma) = g(x, \sigma)$
$g(0, \sigma) = f(\sigma)$
$g(1, \sigma) = 1 : f(\sigma)$

obtained by unfolding

$c = 1 : c$
$f(0 : \sigma) = f(\sigma)$
$f(1 : \sigma) = 1 : f(\sigma)$

The function $f$ has been specified in such a way that it tries to remove all 0's from its
argument. So for streams specified by terms like $f(c)$ there is nothing to remove, and we
expect well-definedness: the term $f(c)$ will uniquely be defined to be the stream of only
ones. However, for streams containing only finitely many 1's this may be problematic. Note
that by the symbols $c$, :, and 1 only the streams with finitely many 0's can be constructed,
so for ground terms over the symbols occurring in the specification this problem does not
arise. Indeed, it turns out that the TRS $\mathrm{Obs}(R_s) \cup R_d$ is terminating, so by Theorem 5.1
the specification is well-defined. It is interesting to remark that the approach from fails
to prove productivity, as this stream specification is not data-obliviously productive, i.e.,
the identity of the data is essential for productivity. Moreover, also Circ |TT] fails to prove
well-definedness of this stream specification.

We concluded that this example is well-defined: it admits a unique model $(S, ([f])_{f \in \Sigma_s})$
satisfying $S = \{[t] \mid t \in T_s\}$. However, when extending to all streams the function
$[f] : D^\omega \to D^\omega$ is not uniquely defined, even if we strengthen the requirement of $[\ell\rho] = [r\rho]$ for
all equations $\ell = r$ and all ground substitutions $\rho$ to an open variant in which the $\sigma$'s in
the equations are replaced by arbitrary streams. Write ones and zeros for the streams
only consisting of ones, resp. zeros. Two distinct models $[\cdot]_1$ and $[\cdot]_2$ satisfying the stream
specification are defined by:

$$[c]_1 = [f]_1(s) = [g]_1(u, s) = \mathrm{ones} \quad \text{for all } s \in D^\omega, u \in D,$$

and $[c]_2 = \mathrm{ones}$, and $[f]_2(s) = [g]_2(u, s) = \mathrm{ones}$ for $u \in D$ and streams $s$ containing
infinitely many ones, and $[f]_2(s) = 1^n : \mathrm{zeros}$, $[g]_2(u, s) = [f]_2(u : s)$ for $u \in D$ and streams
$s$ containing $n < \infty$ ones.



Now we arrive at the proof of Theorem 5.1. The plan of the proof is as follows.

• First we construct a function $[\cdot]_1 : T_s \to D^\omega$, and choose $S_1 = \{[t]_1 \mid t \in T_s\}$.

• Next we show that if $[t_i]_1 = [t'_i]_1$ for $i = 1, \ldots, m$, then

$$[f(u_1, \ldots, u_n, t_1, \ldots, t_m)]_1 = [f(u_1, \ldots, u_n, t'_1, \ldots, t'_m)]_1,$$

by which $[f]_1$ is well-defined and we have a model $(S_1, ([f]_1)_{f \in \Sigma_s})$.

• We show this model satisfies the specification.

• We show that no other model $(S, ([f])_{f \in \Sigma_s})$ with $S = \{[t] \mid t \in T_s\}$ satisfies the specification.

First we define $[t]_1 \in D^\omega$ for any $t \in T_s$. Since elements of $D^\omega$ are functions from $\mathbb{N}$ to $D$,
a function $[t]_1 \in D^\omega$ is defined by defining $[t]_1(n)$ for every $n \in \mathbb{N}$. Due to the assumption
of the theorem the TRS $\mathrm{Obs}(R_s) \cup R_d$ is terminating. According to the definition of a
proper stream specification the TRS $R_s \cup R_d$ is orthogonal, and by the construction Obs
the TRS $\mathrm{Obs}(R_s) \cup R_d$ is orthogonal, too. So it is confluent. Since we assume termination,
we conclude that every ground term of sort $d$ has a unique normal form with respect to
$\mathrm{Obs}(R_s) \cup R_d$.

Assume such a normal form of sort $d$ contains a symbol from $\Sigma_s \cup \{:\}$. Choose such
a symbol with minimal position, that is, closest to the root. Since the term is of sort $d$,
this symbol is not the root. Hence it has a parent. Due to minimality of position, this
parent is either head or tail. Due to the shape of the rules of $\mathrm{Obs}(R_s)$, a rule of $\mathrm{Obs}(R_s)$
is applicable on this parent position, contradicting the normal form assumption. So the
normal form only contains symbols from $\Sigma_d$. Since it is also a normal form with respect to
$R_d$, such a normal form is an element of $D$. Now for $t \in T_s$ and $n \in \mathbb{N}$ we define

$$[t]_1(n) = \text{the normal form of } \mathrm{head}(\mathrm{tail}^n(t)) \text{ with respect to } \mathrm{Obs}(R_s) \cup R_d,$$

in this way defining $[t]_1 \in D^\omega$.

Lemma 5.2. Let $\mathrm{Obs}(R_s) \cup R_d$ be terminating. Let $f \in \Sigma_s$ be of type $d^n \times s^m \to s$. Let
$u_1, \ldots, u_n \in D$ and $t_1, \ldots, t_m, t'_1, \ldots, t'_m \in T_s$ satisfying $[t_i]_1 = [t'_i]_1$ for $i = 1, \ldots, m$. Then

$$[f(u_1, \ldots, u_n, t_1, \ldots, t_m)]_1 = [f(u_1, \ldots, u_n, t'_1, \ldots, t'_m)]_1.$$

Proof. First we extend the definition of $[\cdot]_1$ to all ground terms over $\Sigma_d \cup \Sigma_s \cup \{:, \mathrm{head}, \mathrm{tail}\}$.
For ground terms $t$ of sort $s$ we define it by $[t]_1(n)$ = the normal form of $\mathrm{head}(\mathrm{tail}^n(t))$ with
respect to $\mathrm{Obs}(R_s) \cup R_d$, and for ground terms $u$ of sort $d$ we define $[u]_1$ to be the normal
form of $u$ with respect to $\mathrm{Obs}(R_s) \cup R_d$. We prove the following claim.

Claim 1: Let $[t]_1 = [t']_1$ for $t, t' \in T_s$. Let $T$ be a ground term over
$\Sigma_s \cup \Sigma_d \cup \{:, \mathrm{head}, \mathrm{tail}\}$ of sort $s$ containing $t$ as a subterm. Let $T'$ be
obtained from $T$ by replacing zero or more occurrences of the subterm $t$ by
$t'$. Then

$$[\mathrm{head}(T)]_1 = [\mathrm{head}(T')]_1.$$

Let $>$ be the well-founded order on ground terms being the strict part of $\geq$ defined by

$$v \geq v' \iff v' \text{ is a subterm of } v'' \text{ such that } v \to^{*}_{\mathrm{Obs}(R_s) \cup R_d} v''.$$

We prove the claim for every such term $\mathrm{head}(T)$ by induction on $>$.

Claim 1 is trivial if $t = T$, so we may assume that $T = f(u_1, \ldots, u_n, t_1, \ldots, t_m)$ such that
$t$ occurs in $u_1, \ldots, u_n, t_1, \ldots, t_m$, and $f \in \Sigma_s \cup \{:, \mathrm{tail}\}$, and $T' = f(u'_1, \ldots, u'_n, t'_1, \ldots, t'_m)$.
For every subterm of $u_i$ of the shape $\mathrm{head}(\cdots)$ we may apply the induction hypothesis,
yielding $[u_i]_1 = [u'_i]_1 = d_i$ for all $i$, defining $d_i \in D$.

In case the root of $T$ is not tail we rewrite

$$\mathrm{head}(T) \to^{*}_{\mathrm{Obs}(R_s) \cup R_d} \mathrm{head}(f(d_1, \ldots, d_n, t_1, \ldots, t_m))$$

and then continue by the rule $\mathrm{head}(f(\cdots)) \to \cdots$ in $\mathrm{Obs}(R_s)$, yielding a term $U$ of sort
$d$. As head is the only symbol of sort $d$ having an argument of sort $s$, the only way such a
term can contain $t$ as a subterm is by $U = C[\mathrm{head}(V_1), \ldots, \mathrm{head}(V_k)]$ where $t$ is a subterm
of some of the $V_i$ and $C$ is composed from $\Sigma_d$. Similarly, we obtain

$$\mathrm{head}(T') \to^{*}_{\mathrm{Obs}(R_s) \cup R_d} \mathrm{head}(f(d_1, \ldots, d_n, t'_1, \ldots, t'_m)) \to C[\mathrm{head}(V'_1), \ldots, \mathrm{head}(V'_k)],$$

for $V'_i$ obtained from $V_i$ by replacing zero or more occurrences of $t$ by $t'$. By the induction
hypothesis we obtain $[\mathrm{head}(V_i)]_1 = [\mathrm{head}(V'_i)]_1$. So $\mathrm{head}(V_i)$ and $\mathrm{head}(V'_i)$ rewrite to the
same normal form for all $i$. Hence

$$[\mathrm{head}(T)]_1 = [C[\mathrm{head}(V_1), \ldots, \mathrm{head}(V_k)]]_1 = [C[\mathrm{head}(V'_1), \ldots, \mathrm{head}(V'_k)]]_1 = [\mathrm{head}(T')]_1,$$

which we had to prove.

In case the root of $T$ is tail then write

$$T = \mathrm{tail}^i(f(\cdots)) \to^{*}_{\mathrm{Obs}(R_s) \cup R_d} \mathrm{tail}^i(f(d_1, \ldots, d_n, t_1, \ldots, t_m))$$

for $f \in \Sigma_s \cup \{:\}$. This can be rewritten by the rule $\mathrm{tail}(f(\cdots)) \to \cdots$ in $\mathrm{Obs}(R_s)$, yielding
$V$. Note that for applicability of this rule it is essential that the arguments of $f$ in the
left-hand side are variables, which was achieved by first applying the transformation $P$.

On the same position using the same rule we can rewrite $T' \to_{\mathrm{Obs}(R_s)} V'$, for $V'$
obtained from $V$ by replacing one or more occurrences of $t$ by $t'$. Applying the induction
hypothesis gives $[\mathrm{head}(V)]_1 = [\mathrm{head}(V')]_1$, yielding

$$[\mathrm{head}(T)]_1 = [\mathrm{head}(V)]_1 = [\mathrm{head}(V')]_1 = [\mathrm{head}(T')]_1,$$

concluding the proof of Claim 1.

Claim 2: Let $[t]_1 = [t']_1$ for $t, t' \in T_s$. Let $T$ be a ground term over
$\Sigma_s \cup \Sigma_d \cup \{:, \mathrm{head}, \mathrm{tail}\}$ of sort $s$ containing $t$ as a subterm. Let $T'$ be
obtained from $T$ by replacing one or more occurrences of the subterm $t$ by
$t'$. Then $[T]_1 = [T']_1$.

Claim 2 easily follows from Claim 1 and the observation

$$[T]_1 = [T']_1 \iff \forall i \in \mathbb{N} : [\mathrm{head}(\mathrm{tail}^i(T))]_1 = [\mathrm{head}(\mathrm{tail}^i(T'))]_1.$$

Now the lemma follows by applying Claim 2 and replacing $t_i$ by $t'_i$ successively for $i = 1, \ldots, m$. □

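Define $S_1 = \{[t]_1 \mid t \in T_s\}$. For any $f \in \Sigma_s$ of type $d^n \times s^m \to s$, for $u_1, \ldots, u_n \in D$
and $t_1, \ldots, t_m, t'_1, \ldots, t'_m \in T_s$ we now define $[f]_1 : D^n \times S_1^m \to S_1$ by

$$[f]_1(u_1, \ldots, u_n, [t_1]_1, \ldots, [t_m]_1) = [f(u_1, \ldots, u_n, t_1, \ldots, t_m)]_1;$$

Lemma 5.2 implies that this is well-defined: the result is independent of the choice of the
representatives in $[t_i]_1$. So $(S_1, ([f]_1)_{f \in \Sigma_s})$ is a model.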

Next we will prove that it satisfies the specification, and essentially is the only one 
doing so. 

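Lemma 5.3. Let $\ell = r \in R_s$ and let $\rho$ be a substitution. Then

• there is a term $t$ such that $\mathrm{head}(\ell\rho) \to^{*}_{\mathrm{Obs}(R_s)} t$ and $\mathrm{head}(r\rho) \to^{*}_{\mathrm{Obs}(R_s)} t$, and

• there is a term $t$ such that $\mathrm{tail}(\ell\rho) \to^{*}_{\mathrm{Obs}(R_s)} t$ and $\mathrm{tail}(r\rho) \to^{*}_{\mathrm{Obs}(R_s)} t$.

Proof. Let $f$ be the root of $\ell$. Define $\rho'$ by $\sigma\rho' = x\rho : \sigma\rho$ for every argument of the shape
$x : \sigma$ of $f$ in $\ell$, and $\rho'$ coincides with $\rho$ on all other variables. Then $\mathrm{head}(\ell\rho) = \ell'\rho'$
for some rule $\ell' \to r'$ in $\mathrm{Obs}(R_s)$. Now a common reduct $t$ of $r'\rho'$ and $\mathrm{head}(r\rho)$ is
obtained by applying the rule $\mathrm{head}(x : \sigma) \to x$ zero or more times. This yields
$\mathrm{head}(\ell\rho) = \ell'\rho' \to_{\mathrm{Obs}(R_s)} r'\rho' \to^{*}_{\mathrm{Obs}(R_s)} t$ and $\mathrm{head}(r\rho) \to^{*}_{\mathrm{Obs}(R_s)} t$. The argument for $\mathrm{tail}(\ell\rho)$ and
$\mathrm{tail}(r\rho)$ is similar. □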

Lemma 5.4. The model $(S_1, ([f]_1)_{f \in \Sigma_s})$ satisfies the specification $(\Sigma_d, \Sigma_s, R_d, R_s)$.

Proof. We have to prove that $[\ell\rho]_1(i) = [r\rho]_1(i)$ for every equation $\ell = r$ in $R_s$, every ground
substitution $\rho$ and every $i \in \mathbb{N}$. By definition $[\ell\rho]_1(i)$ is the unique normal form with respect
to $\mathrm{Obs}(R_s) \cup R_d$ of $\mathrm{head}(\mathrm{tail}^i(\ell\rho))$, and $[r\rho]_1(i)$ is the similar normal form of $\mathrm{head}(\mathrm{tail}^i(r\rho))$.
The terms $\mathrm{head}(\mathrm{tail}^i(\ell\rho))$ and $\mathrm{head}(\mathrm{tail}^i(r\rho))$ have a common $\mathrm{Obs}(R_s)$-reduct. For $i = 0$
this follows from the first part of Lemma 5.3, for $i > 0$ this follows from the second part of
Lemma 5.3. As they have a common reduct, their unique normal forms $[\ell\rho]_1(i)$ and $[r\rho]_1(i)$
with respect to $\mathrm{Obs}(R_s) \cup R_d$ are equal, which we had to prove. □



For concluding the proof of Theorem 5.1 we have to prove that $(S_1, ([f]_1)_{f \in \Sigma_s})$ is the
only model satisfying the specification $(\Sigma_d, \Sigma_s, R_d, R_s)$ and $S = \{[t] \mid t \in T_s\}$. This follows
from the following lemma.

Lemma 5.5. Let $(S, ([f])_{f \in \Sigma_s})$ be any model satisfying $(\Sigma_d, \Sigma_s, R_d, R_s)$ and $t \in T_s$. Then

$$[t] = [t]_1.$$

Proof. By definition in the model for $u \in D$ and $s \in S$ we have

$$[:](u, s)(0) = u, \qquad [:](u, s)(i) = s(i - 1) \text{ for } i > 0.$$

In the original stream specification the symbols head, tail do not occur; for these fresh
symbols we now define functions [head] and [tail] on streams $s$ by

$$[\mathrm{head}](s) = s(0), \qquad ([\mathrm{tail}](s))(i) = s(i + 1) \text{ for } i \geq 0.$$

If $S \neq D^\omega$ then it is not clear whether $[\mathrm{tail}](s) \in S$ for every $s \in S$. Therefore we extend $S$
to $D^\omega$ and define $[f](\cdots)$ to be any arbitrary value if at least one argument is in $D^\omega \setminus S$;
note that for the model satisfying the specification we only required $[\ell\rho] = [r\rho]$ for ground
substitutions $\rho$, by which these junk values do not play a role.

Due to the definitions of [:], [head] and [tail] this extended model satisfies the equations $E$:

$$\begin{array}{rcl}
\mathrm{head}(x : \sigma) & = & x \\
\mathrm{tail}(x : \sigma) & = & \sigma \\
\sigma & = & \mathrm{head}(\sigma) : \mathrm{tail}(\sigma)
\end{array}$$

that is, for $\rho$ mapping $x$ to any term of sort $d$ and $\sigma$ to any term of sort $s$ we have $[\ell\rho] = [r\rho]$
for every $\ell = r \in E$. From the definition of $\mathrm{Obs}(R_s)$ it is easily checked that any innermost
step $t \to_{\mathrm{Obs}(R_s)} t'$ on a ground term $t$ is either an application of one of the first two rules
of $E$, or it is of the shape

where due to the innermost requirement the redex of the $\to_{R_s}$ step does not contain the
symbols head or tail so is in $T_s$. Since the model is assumed to satisfy the specification
$(\Sigma_d, \Sigma_s, R_d, R_s)$, we conclude that $[t] = [t']$ for every innermost ground step $t \to_{\mathrm{Obs}(R_s)} t'$.

For the lemma we have to prove that $[t](i) = [t]_1(i)$ for every $i \in \mathbb{N}$. By definition
$[t]_1(i)$ is the normal form with respect to $\mathrm{Obs}(R_s) \cup R_d$ of $\mathrm{head}(\mathrm{tail}^i(t))$. Now consider an
innermost $\mathrm{Obs}(R_s) \cup R_d$-reduction of $\mathrm{head}(\mathrm{tail}^i(t))$ to $[t]_1(i)$. By the above observation and
the definitions of [head] and [tail] we conclude that

$$[t](i) = [\mathrm{head}(\mathrm{tail}^i(t))] = [[t]_1(i)] = [t]_1(i),$$

the last step since $[t]_1(i) \in D$. This concludes the proof, both of the lemma and Theorem 5.1. □



We conclude this section by an example of a well-defined proper stream specification 
that is not productive. 

Example 4. Choose $\Sigma_s = \{c, f, g\}$, $\Sigma_d = \{0, 1\}$, $R_d = \emptyset$, and $R_s$ consists of the following
equations:

$$\begin{array}{rcl}
c & = & 1 : c \\
f(x : \sigma) & = & \\
g(x : \sigma) & = & c.
\end{array}$$

This is a valid proper stream specification for which $\mathrm{Obs}(R_s)$ is terminating, as can be
shown by AProVE [6] or TTT2 [10]. Hence by Theorem 5.1 it is well-defined. So the
ground term $f(c)$ has a unique interpretation: the stream only consisting of 1's. However,
$f(c)$ is not productive, as it only reduces to terms having $f$ or $g$ on top.

So the TRS $R_s$ uniquely defines $f(c)$, but is not suitable to compute its interpretation.



6. IMPLEMENTATION 

In http://www.win.tue.nl/~hzantema/str.zip we offer a prototype implementation
automating proving well-definedness of boolean stream specifications by the approach we 
proposed. The main feature is to generate the observational variant for any given boolean 
stream specification. Being only a prototype, the focus is on testing simple examples as 
they occur in this paper. The default version runs under Windows with a graphical user 
interface and provides the following features: 
• Boolean stream specifications can be entered, loaded, edited and stored. The format is
the same as given here, with the only difference that for the operator ':' a prefix notation 
is chosen, in order to be consistent with the user defined symbols. 

• By clicking a button the observational variant of the current stream specification is tried 
to be created. In doing so, all requirements of the definition of stream specification are 
checked. If they are not fulfilled, an appropriate error message is shown. 

• If all requirements hold, then the resulting observational variant is shown on the screen 
by which it can be entered by cut and paste in a termination tool. Alternatively, it can 
be stored. 

• Alternatively, the stream specification can be transformed to Circ format. This occurs in 
two variants: 

• a basic variant in which the Circ proof goal should be added manually, and 

• a version generating two copies of the specification and generating goals for these to be 
equivalent. 

Again it is shown on the screen with cut and paste facility, or the result can be stored, 
both for entering the result in the tool Circ. 

• A term can be entered, and an initial part of the stream represented by this term can be 
computed. 

• For unary symbols the process of unfolding as described in Section 3 is supported.

• Several stream specifications, including the Fibonacci stream (the variant as we will
present in Example 7), the Thue-Morse stream (Example 1), the paper folding stream
(Example 5 below) and the Kolakoski stream (Example 9) are predefined. For all of these
examples termination of the observational variant can be proved fully automatically both
by AProVE [6] and TTT2 [10], proving well-definedness of the given stream specification.

Apart from this graphical Windows version there is also a command line version to be run 
under Linux. This provides the main facility, that is, generates the observational variant 
in term rewriting format in case the syntax is correct, and generates an appropriate error 
message otherwise. 

None of the actions require substantial computation: for all features the result shows 
up instantaneously. On the other hand, proving termination of a resulting observational 
variant by a tool like AProVE or TTT2 may take some computation time, although never 
more than a few seconds for the given examples. This was one of the objectives of the 
project: the transformation itself should be simple and direct, while the real work to be 
done makes use of the power of current termination provers. 

We conclude this section by an interesting stream specification that can be dealt with 
by our implementation. Just like in the introduction for Fib, and later in Section 8 we also
show a turtle visualization. These and others are made by a few lines of code traversing 
a boolean array containing the first elements of a stream. These first N elements are 
determined by executing outermost rewriting with respect to Rs starting in the constant 
representing the intended stream, until the first N elements have been computed. 

Example 5. Start by a ribbon of paper. Fold it half lengthwise. Next fold the folded 
ribbon half lengthwise again, and repeat this a number of times, every time folding in the 
same direction. Now by unfolding the ribbon one sees a sequence of top-folds and valley- 
folds, and the question is what is the pattern in this sequence. A first observation is that 
this pattern is the first half of the pattern obtained when folding once more, so every such 
sequence is a proper prefix of the next sequence. As a consequence, we can take the limit. 
obtaining a boolean stream P, called the paper folding stream, in which top folds and valley
folds are represented by 0 and 1, respectively.

Imagine what happens if we do an extra fold. Then all existing folds remain, but 
between every two consecutive folds a new fold is created. These new folds are alternately 
top folds and valley folds. So the effect of folding once more is that the new sequence is the 
zip of $010101\cdots$ and the old sequence. Taking the limit we obtain

$$P = \mathrm{zip}(\mathrm{alt}, P),$$

where for zip and alt we have the equations

$$\mathrm{zip}(x : \sigma, \tau) = x : \mathrm{zip}(\tau, \sigma), \qquad \mathrm{alt} = 0 : 1 : \mathrm{alt}.$$

One may wonder whether P is already fully defined by these three equations for P, zip
and alt. It is, by Theorem 5.1, since the equations form a proper stream specification $R_s$
for which termination of $\mathrm{Obs}(R_s)$ is easily proved by TTT2 or AProVE.
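The following Python code is an added illustration, not the paper's prototype: it builds observational rules from equations and computes $[t]_1(n)$ as the normal form of $\mathrm{head}(\mathrm{tail}^n(t))$, both for the Thue-Morse specification behind Example 2 and for the three paper folding equations above. The tuple encoding, all function names, and the reading of the P/Obs construction off the rule shapes shown in Examples 2 and 6 are assumptions made here; the code relies on termination (as certified by AProVE or TTT2) and does not check it.

```python
# Terms are tuples ("symbol", arg, ...); variables are plain strings (assumed encoding).
X, S, T = "x", "sigma", "tau"
ZERO, ONE = ("0",), ("1",)

def cons(d, s): return (":", d, s)
def head(s): return ("head", s)
def tail(s): return ("tail", s)

def subst(term, env):
    """Apply a substitution; variables missing from env stay as they are."""
    if isinstance(term, str):
        return env.get(term, term)
    return (term[0],) + tuple(subst(a, env) for a in term[1:])

def match(pat, term, env):
    """Match a linear pattern against a ground term, binding variables in env."""
    if isinstance(pat, str):
        env[pat] = term
        return True
    return (pat[0] == term[0] and len(pat) == len(term)
            and all(match(p, t, env) for p, t in zip(pat[1:], term[1:])))

def obs(equations):
    """Observational variant of unfolded (lhs, rhs) stream equations.

    Step P: an argument x : sigma on a left-hand side becomes the variable sigma,
    with x -> head(sigma) and sigma -> tail(sigma) on the right-hand side.
    Step Obs: f(..) = u : t gives head(f(..)) -> u and tail(f(..)) -> t; any other
    right-hand side r gives head(f(..)) -> head(r) and tail(f(..)) -> tail(r).
    """
    rules = [(head(cons(X, S)), X), (tail(cons(X, S)), S)]
    for lhs, rhs in equations:
        env, args = {}, []
        for a in lhs[1:]:
            if not isinstance(a, str) and a[0] == ":":
                env[a[1]], env[a[2]] = head(a[2]), tail(a[2])
                a = a[2]
            args.append(a)
        lhs, rhs = (lhs[0],) + tuple(args), subst(rhs, env)
        if rhs[0] == ":":
            rules += [(head(lhs), rhs[1]), (tail(lhs), rhs[2])]
        else:
            rules += [(head(lhs), head(rhs)), (tail(lhs), tail(rhs))]
    return rules

def normalizer(rules):
    """Innermost normalisation with memoisation; returns only if the rules
    terminate on the given ground term."""
    cache = {}
    def nf(term):
        start = term
        if start in cache:
            return cache[start]
        while True:
            term = (term[0],) + tuple(nf(a) for a in term[1:])
            for lhs, rhs in rules:
                env = {}
                if match(lhs, term, env):
                    term = subst(rhs, env)
                    break
            else:
                cache[start] = cache[term] = term
                return term
    return nf

def prefix(rules, t, n):
    """[t]_1(0), ..., [t]_1(n-1): the normal forms of head(tail^i(t))."""
    nf, out = normalizer(rules), []
    for _ in range(n):
        out.append(int(nf(head(t))[0]))
        t = tail(t)
    return out

R_D = [(("not", ZERO), ONE), (("not", ONE), ZERO)]
ZIP_EQ = (("zip", cons(X, S), T), cons(X, ("zip", T, S)))

MORSE = ("morse",)
MORSE_SPEC = [   # read back from the rules listed in Example 2 (tail renamed to tail0)
    (MORSE, cons(ZERO, ("zip", ("inv", MORSE), ("tail0", MORSE)))),
    (("inv", cons(X, S)), cons(("not", X), ("inv", S))),
    ZIP_EQ,
    (("tail0", cons(X, S)), S),
]

P, ALT = ("P",), ("alt",)
PAPER_SPEC = [   # the three equations of Example 5
    (P, ("zip", ALT, P)),
    ZIP_EQ,
    (ALT, cons(ZERO, cons(ONE, ALT))),
]

def morse_prefix(n): return prefix(obs(MORSE_SPEC) + R_D, MORSE, n)
def paper_prefix(n): return prefix(obs(PAPER_SPEC), P, n)

if __name__ == "__main__":
    print(morse_prefix(16))
    print(paper_prefix(15))
```

The rules generated for the Thue-Morse specification coincide with the ten rules listed in Example 2, and the computed prefix of P agrees with reading the equations as P(2k) = alt(k), P(2k+1) = P(k).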

Paper folding and many of its properties is folklore; we found this characterization of 
P independently. Turtle visualization of P is of particular interest, since the result is not 
just a visualization, but also the shape obtained if the ribbon is not fully unfolded, but only 
unfolded until the angles given as parameter of the turtle visualization. We only consider 
the case where the angles for 0 (top fold) and 1 (valley fold) are equal. In case this angle is
90 degrees, then the result is called the dragon curve; this curve touches itself, but does not
intersect itself. Pictures are easily found on the Internet. When choosing turtle angles of
less than 90 degrees, that is, the remaining paper fold is greater than 90 degrees, then the
curve neither touches nor intersects itself. Doing this for 87 degrees and doing 15 folds, this
yields the following turtle visualization of the first $2^{15} - 1 = 32767$ elements of the stream
P: 
7. Data Independent Stream Functions



The reason that in Theorem 5.1 we have to restrict to models satisfying $S = \{[t] \mid t \in T_s\}$,
as we saw in Example 3, is in the fact that computations may be guarded by data
elements in left-hand sides of equations. Next we show that we also get well-definedness for
stream functions defined on all streams in case the left-hand sides of the equations do not
contain data elements.

Theorem 7.1. Let $(\Sigma_d, \Sigma_s, R_d, R_s)$ be a proper stream specification for which the TRS
$\mathrm{Obs}(R_s) \cup R_d$ is terminating and the only subterms of left-hand sides of $R_s$ of sort $d$ are
variables. Then the stream specification admits a unique model $(S, ([f])_{f \in \Sigma_s})$ satisfying
$S = D^\omega$.

Proof (sketch). We have to prove that for any $f \in \Sigma_s$ of type $d^n \times s^m \to s$ the function
$[f] : D^n \times (D^\omega)^m \to D^\omega$ is uniquely defined. For doing so we introduce $m$ fresh constants
$c_1, \ldots, c_m$ of sort $s$. Let $k \in \mathbb{N}$ and $u_1, \ldots, u_n \in D$. Due to termination and orthogonality
of $\mathrm{Obs}(R_s) \cup R_d$, the term $\mathrm{head}(\mathrm{tail}^k(f(u_1, \ldots, u_n, c_1, \ldots, c_m)))$ has a unique normal form
with respect to $\mathrm{Obs}(R_s) \cup R_d$. Since it is of sort $d$, due to the shape of the rules it is a
ground term of sort $d$ over $\Sigma_d \cup \{\mathrm{head}, \mathrm{tail}, c_1, \ldots, c_m\}$, that is, a ground term $T$ composed
from $\Sigma_d$ and terms of the shape $\mathrm{head}(\mathrm{tail}^i(c_j))$ for $i \in \mathbb{N}$ and $j \in \{1, \ldots, m\}$. For this
observation it is essential that left-hand sides do not contain non-variable terms of sort $d$:
terms of the shape $f(\mathrm{head}(\cdots), \cdots)$ should be rewritten.

Let $N$ be the greatest number $i$ for which $T$ has a subterm of the shape $\mathrm{head}(\mathrm{tail}^i(c_j))$.
Let $s_1, \ldots, s_m \in D^\omega$. Define $t_j = s_j(0) : s_j(1) : \cdots : s_j(N) : \sigma$. Since the term
$\mathrm{head}(\mathrm{tail}^k(f(u_1, \ldots, u_n, c_1, \ldots, c_m)))$ rewrites to $T$, $\mathrm{head}(\mathrm{tail}^k(f(u_1, \ldots, u_n, t_1, \ldots, t_m)))$
rewrites to $T'$ obtained from $T$ by replacing every subterm of the shape $\mathrm{head}(\mathrm{tail}^i(c_j))$ by
$\mathrm{head}(\mathrm{tail}^i(t_j))$. Observe that $\mathrm{head}(\mathrm{tail}^i(t_j))$ rewrites to $s_j(i) \in D$. So
$([f](u_1, \ldots, u_n, s_1, \ldots, s_m))(k)$ has to be the $R_d$-normal form of the ground term over $\Sigma_d$
obtained from $T$ by replacing every subterm of the shape $\mathrm{head}(\mathrm{tail}^i(c_j))$ by $s_j(i) \in D$. Since
this fixes $([f](u_1, \ldots, u_n, s_1, \ldots, s_m))(k)$ for every $k$, this uniquely defines $[f]$. □

Example 6. It is easy to see that for the standard stream functions zip, even and odd
defined by

$$\mathrm{even}(x : \sigma) = x : \mathrm{odd}(\sigma), \quad \mathrm{odd}(x : \sigma) = \mathrm{even}(\sigma), \quad \mathrm{zip}(x : \sigma, \tau) = x : \mathrm{zip}(\tau, \sigma),$$

there exists $f : D^\omega \to D^\omega$ for every data set $D$ satisfying

$$f(x : \sigma) = x : \mathrm{zip}(f(\mathrm{even}(\sigma)), f(\mathrm{odd}(\sigma))),$$

namely the identity. By Theorem 7.1 we can conclude it is the only one, since for $R_d = \emptyset$
and $R_s$ consisting of the above four equations, the resulting TRS $\mathrm{Obs}(R_s)$ consisting of the
rules

$$\begin{array}{ll}
\mathrm{head}(\mathrm{even}(\sigma)) \to \mathrm{head}(\sigma) & \mathrm{head}(\mathrm{odd}(\sigma)) \to \mathrm{head}(\mathrm{even}(\mathrm{tail}(\sigma))) \\
\mathrm{tail}(\mathrm{even}(\sigma)) \to \mathrm{odd}(\mathrm{tail}(\sigma)) & \mathrm{tail}(\mathrm{odd}(\sigma)) \to \mathrm{tail}(\mathrm{even}(\mathrm{tail}(\sigma))) \\
\mathrm{head}(f(\sigma)) \to \mathrm{head}(\sigma) & \\
\mathrm{tail}(f(\sigma)) \to \mathrm{zip}(f(\mathrm{even}(\mathrm{tail}(\sigma))), f(\mathrm{odd}(\mathrm{tail}(\sigma)))) &
\end{array}$$

and the rules for ':' and zip as in Example 2 is terminating, as can be proved by AProVE
[6] or TTT2 [10]. Other approaches seem to fail: the technique from [16] fails to prove that
the identity is the only stream function satisfying the equation for $f$, while productivity of
stream specifications containing the rule for $f$ cannot be proved by the
technique from [3]. By essentially choosing $\mathrm{Obs}(R_s)$ as the input and adding information
about special contexts, the tool Circ [11] is able to prove that $f$ is the identity.



8. More Transformations Preserving Semantics 

Unfolding the Fibonacci stream specification as given in the introduction yields the
proper stream specification $R_s$ consisting of the equations

$$\begin{array}{ll}
\mathrm{Fib} = f(\mathrm{Fib}) & g(0, \sigma) = 0 : 1 : f(\sigma) \\
f(x : \sigma) = g(x, \sigma) & g(1, \sigma) = 0 : f(\sigma).
\end{array}$$

However, the TRS $\mathrm{Obs}(R_s)$ is not terminating since it allows the infinite reduction

$$\mathrm{tail}(\mathrm{Fib}) \to \mathrm{tail}(f(\mathrm{Fib})) \to \mathrm{tail}(g(\mathrm{head}(\mathrm{Fib}), \mathrm{tail}(\mathrm{Fib}))) \to \cdots,$$

so our method fails to prove well-definedness of Fib in a direct way. In Lemma 3.2 and
Lemma 3.3 we already saw two ways to modify stream specifications while preserving their
semantics. In this section we will extend these lemmas to more general semantics preserving
transformations, in particular by making use of the equations $E$ from the proof of Lemma
5.5 that hold in every model. As an example, we will apply such transformations to our
original Fib specification. The observational variant of the resulting stream specification
will be terminating, so proving well-definedness of the transformed Fib specification. But
since the transformations are semantics preserving, this also proves well-definedness of the
original Fib specification.

In general we propose the following approach: in case for a stream specification the 
termination tools fail to prove termination of the observational variant, then try to apply
semantics preserving transformations as discussed in Section 3 and this section until
a transformed system has been found for which termination of the observational variant 
can be proved. If this succeeds, this not only proves well-definedness of the transformed 
specification, but also of the original one. 

In this approach we have a symbol tail in several variants of the specification, while in the 
construction of observational variant a fresh symbol tail is required. So in the observational 
variant two versions of tail occur: the original symbol tail and the symbol tail created by 
Obs. However, if the observational variant happens to be terminating after identifying 
these two versions of tail, then it is also terminating if they are distinguished, so identifying 
them will not yield wrong results. But it may happen that termination holds if the two 
versions of tail are distinguished, and does not hold if they are identified. This is the case 
for Example 2.

Recall that mapping a stream specification $(\Sigma_d, \Sigma_s, R_d, R_s)$ to $(\Sigma_d, \Sigma'_s, R_d, R'_s)$ with
$\Sigma_s \subseteq \Sigma'_s$ is said to preserve semantics if

• $(\Sigma_d, \Sigma_s, R_d, R_s)$ is well-defined if and only if $(\Sigma_d, \Sigma'_s, R_d, R'_s)$ is well-defined, and

• If $(\Sigma_d, \Sigma_s, R_d, R_s)$ is well-defined with corresponding model $(S, [\cdot])$, and $(S', [\cdot]')$ is the
model corresponding to $(\Sigma_d, \Sigma'_s, R_d, R'_s)$, then $[t] = [t]'$ for all ground terms of sort $s$ over
$\Sigma_d \cup \Sigma_s$.

For well-definedness we required the model to satisfy $S = \{[t] \mid t \in T_s\}$. For this section
we need one more technical requirement: $S$ should be closed under tail. In order not to
change our definitions, throughout this section we assume the following extra assumptions
to achieve this requirement:

• the symbol tail is in $\Sigma_s$, and

• the corresponding equation $\mathrm{tail}(x : \sigma) = \sigma$ is in $R_s$.



Lemma 3.3 states that in keeping the same signature $\Sigma_s$, replacing $R_s$ by $R'_s$ preserves
semantics as long as convertibility with respect to $R_s$ coincides with convertibility with respect
to $R'_s$. But as we are interested in preservation of semantics, this syntactical convertibility
requirement may be weakened to a more semantic version: if $R_s$ and $R'_s$ do not have the
same convertibility relation, but allow the same models, the same can be concluded. So
now for a set $R_s$ of equations we will introduce a congruence $\sim_{R_s}$ being weaker than $=_{R_s}$,
but still preserving semantics.
Recall the set $E$ of equations

$$\begin{array}{rcl}
\mathrm{head}(x : \sigma) & = & x \\
\mathrm{tail}(x : \sigma) & = & \sigma \\
\sigma & = & \mathrm{head}(\sigma) : \mathrm{tail}(\sigma)
\end{array}$$

For a set $R_s$ of equations of sort $s$ we define the relation $\sim_{R_s}$ on terms over $\Sigma_s \cup \Sigma_d \cup \{\mathrm{head}\}$
inductively by

• if $\ell = r$ is in $R_s$ then $\ell \sim_{R_s} r$,

• $\sim_{R_s}$ is reflexive, symmetric and transitive,

• if $C$ is a context and $\rho$ is a substitution and $t \sim_{R_s} t'$, then $C[t\rho] \sim_{R_s} C[t'\rho]$,

• if $\ell = r$ is in $E$ then $\ell \sim_{R_s} r$,

• if $t, t'$ are terms that may contain a fresh variable $x$ of type $d$, and $t[x := u] \sim_{R_s} t'[x := u]$
for every $u \in D$, then $t \sim_{R_s} t'$.

Note that $=_{R_s}$ is defined by the first three items, so $\sim_{R_s}$ generalizes $=_{R_s}$ by the additional
last two items.

Lemma 8.1. Let $(\Sigma_d, \Sigma_s, R_d, R_s)$ and $(\Sigma_d, \Sigma_s, R_d, R'_s)$ be stream specifications satisfying
$\ell \sim_{R'_s} r$ for all $\ell = r$ in $R_s$, and $\ell \sim_{R_s} r$ for all $\ell = r$ in $R'_s$. Then transforming
$(\Sigma_d, \Sigma_s, R_d, R_s)$ to $(\Sigma_d, \Sigma_s, R_d, R'_s)$ preserves semantics.

Proof. In an arbitrary model $(S, [\cdot])$ for a stream specification we define $[\mathrm{head}](s) = s(0)$ for
$s \in S \subseteq D^\omega$. By assuming the equation $\mathrm{tail}(x : \sigma) = \sigma$ we conclude $([\mathrm{tail}](s))(i) = s(i + 1)$
for $i \geq 0$. Combined with the definition of [:] we conclude that $E$ holds in every model.

In case an equation $t[x := u] = t'[x := u]$ holds in a model for every $u \in D$, then by
definition the equation $t = t'$ holds in the model, too.

Combining these observations we conclude by induction on the structure of $\sim_{R_s}$ that
if a model satisfies $R_s$, and $t \sim_{R_s} t'$, then the model satisfies the equation $t = t'$ too.
Applying this both for $\sim_{R_s}$ and $\sim_{R'_s}$, and using the conditions of the lemma we conclude
that a model satisfies $(\Sigma_d, \Sigma_s, R_d, R_s)$ if and only if it satisfies $(\Sigma_d, \Sigma_s, R_d, R'_s)$. From this
the lemma follows. □

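Example 7. Our Fib specification completed by the tail equation reads

$$\begin{array}{ll}
f(0 : \sigma) = 0 : 1 : f(\sigma) & \mathrm{Fib} = f(\mathrm{Fib}) \\
f(1 : \sigma) = 0 : f(\sigma) & \mathrm{tail}(x : \sigma) = \sigma.
\end{array}$$

By Theorem 3.4 we know that unfolding this to

$$\begin{array}{ll}
f(x : \sigma) = g(x, \sigma) & \mathrm{Fib} = f(\mathrm{Fib}) \\
g(0, \sigma) = 0 : 1 : f(\sigma) & \mathrm{tail}(x : \sigma) = \sigma \\
g(1, \sigma) = 0 : f(\sigma) &
\end{array}$$

preserves semantics. Moreover, by Lemma 3.2 we may add a constant $c$ to the signature and
add the equation $c = \mathrm{tail}(\mathrm{Fib})$, still preserving semantics. Let $R_s$ consist of these equations,
and let $R'_s$ consist of

$$\begin{array}{ll}
f(x : \sigma) = g(x, \sigma) & \mathrm{Fib} = 0 : c \\
g(0, \sigma) = 0 : 1 : f(\sigma) & c = 1 : f(c) \\
g(1, \sigma) = 0 : f(\sigma) & \mathrm{tail}(x : \sigma) = \sigma.
\end{array}$$

Now we will check the conditions of Lemma 8.1.

For proving that $\ell \sim_{R'_s} r$ for all $\ell = r$ in $R_s$ we only need to consider the equations
$c = \mathrm{tail}(\mathrm{Fib})$ and $\mathrm{Fib} = f(\mathrm{Fib})$. We obtain

$$c =_{R'_s} \mathrm{tail}(0 : c) =_{R'_s} \mathrm{tail}(\mathrm{Fib})$$

and

$$\mathrm{Fib} =_{R'_s} 0 : c =_{R'_s} 0 : 1 : f(c) =_{R'_s} g(0, c) =_{R'_s} f(0 : c) =_{R'_s} f(\mathrm{Fib}).$$

For proving $\ell \sim_{R_s} r$ for all $\ell = r$ in $R'_s$ we only need to consider the equations $\mathrm{Fib} = 0 : c$
and $c = 1 : f(c)$. For this we need the congruence $\sim_{R_s}$ rather than $=_{R_s}$. First observe

$$\mathrm{head}(g(0, \sigma)) \sim_{R_s} \mathrm{head}(0 : 1 : f(\sigma)) \sim_{R_s} 0,$$

and

$$\mathrm{head}(g(1, \sigma)) \sim_{R_s} \mathrm{head}(0 : f(\sigma)) \sim_{R_s} 0,$$

so by the last item of the definition of $\sim_{R_s}$ we obtain $\mathrm{head}(g(x, \sigma)) \sim_{R_s} 0$. Using this we
get

$$\begin{array}{rcl}
\mathrm{Fib} & \sim_{R_s} & \mathrm{head}(\mathrm{Fib}) : \mathrm{tail}(\mathrm{Fib}) \\
 & \sim_{R_s} & \mathrm{head}(\mathrm{Fib}) : c \\
 & \sim_{R_s} & \mathrm{head}(f(\mathrm{Fib})) : c \\
 & \sim_{R_s} & \mathrm{head}(f(\mathrm{head}(\mathrm{Fib}) : \mathrm{tail}(\mathrm{Fib}))) : c \\
 & \sim_{R_s} & \mathrm{head}(g(\mathrm{head}(\mathrm{Fib}), \mathrm{tail}(\mathrm{Fib}))) : c \\
 & \sim_{R_s} & 0 : c.
\end{array}$$

Using $\mathrm{Fib} \sim_{R_s} 0 : c$, for the remaining equation we have

$$\begin{array}{rcl}
c & \sim_{R_s} & \mathrm{tail}(\mathrm{Fib}) \\
 & \sim_{R_s} & \mathrm{tail}(f(\mathrm{Fib})) \\
 & \sim_{R_s} & \mathrm{tail}(f(0 : c)) \\
 & \sim_{R_s} & \mathrm{tail}(g(0, c)) \\
 & \sim_{R_s} & \mathrm{tail}(0 : 1 : f(c)) \\
 & \sim_{R_s} & 1 : f(c).
\end{array}$$

So the requirements of Lemma 8.1 are fulfilled and we conclude that transforming $R_s$ to $R'_s$
preserves semantics. By tools like AProVE or TTT2 one proves that $\mathrm{Obs}(R'_s)$ is terminating,
so by Theorem 5.1 $R'_s$ is well-defined. Due to preservation of semantics the same holds for
$R_s$, and for the original Fib specification.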
As a consequence, we can conclude incompleteness of Theorem 5.1: the stream specification
$R_s$ is well-defined but $\mathrm{Obs}(R_s)$ is not terminating, due to the infinite reduction of
$\mathrm{Obs}(R_s)$ we saw before.

The argument for the Fib example can be given in a more sloppy way as was done in
[19] as follows. Identify ground terms with their interpretations in a model. The result of $g$
always starts by 0, so we can write $\mathrm{Fib} = f(\mathrm{Fib}) = g(\cdots) = 0 : c$ for some stream $c$. Using
this equality $\mathrm{Fib} = 0 : c$ we obtain

$$0 : c = \mathrm{Fib} = f(\mathrm{Fib}) = f(0 : c) = 0 : 1 : f(c),$$

so $c = 1 : f(c)$. So any model for the original specification also satisfies $R'_s$, which is obtained
by replacing the equation $\mathrm{Fib} = f(\mathrm{Fib})$ by the two equations $\mathrm{Fib} = 0 : c$ and $c = 1 : f(c)$.
As $R'_s$ satisfies our format and $\mathrm{Obs}(R'_s)$ is terminating we conclude well-definedness of Fib.

For justifying the steps $f(\mathrm{Fib}) = g(\cdots) = 0 : c$ in this argument we need the last two
items of the definition of $\sim_{R_s}$:

• for the step $f(\mathrm{Fib}) = g(\cdots)$ we need $E$ to rewrite Fib to a term with ":" on top, and

• for the step $g(\cdots) = 0 : c$ we need the case analysis on the data element in "$\cdots$" as
expressed by the last item in the definition of $\sim_{R_s}$,

exactly as we did in our detailed proof. Note that the sloppy argument only shows that the
new equations in $R'_s$ are implied by original equations, and not the other way around. The
following example shows that it is essential also to prove the other direction.

Example 8. Consider the proper stream specification $R_s$ consisting of

$$\begin{array}{ll}
f(x : \sigma, y : \tau) = g(x, y) & \mathrm{zeros} = 0 : \mathrm{zeros} \\
g(0, 0) = \mathrm{ones} & \mathrm{ones} = 1 : \mathrm{ones} \\
g(0, 1) = \mathrm{zeros} & c = f(c, c) \\
g(1, x) = \mathrm{zeros} & \mathrm{tail}(x : \sigma) = \sigma
\end{array}$$

If $[c]$ starts with 0, then $[f(c, c)] = [g(0, 0)] = [\mathrm{ones}]$ starts with 1, and if $[c]$ starts with 1,
then $[f(c, c)] = [g(1, 1)] = [\mathrm{zeros}]$ starts with 0, so $R_s$ does not admit a model and is not
well-defined. However, the proper stream specification $R'_s$ obtained from $R_s$ by replacing
$c = f(c, c)$ by $c = f(f(c, c), c)$ is well-defined, while this new equation satisfies $c =_{R_s} f(f(c, c), c)$.
Well-definedness of $R'_s$ can be proved by proving termination of $\mathrm{Obs}(R''_s)$, where $R''_s$ is
obtained from $R'_s$ by replacing the equation for $c$ by $c = \mathrm{zeros}$. The transformation from
$R'_s$ to $R''_s$ satisfies the requirements of Lemma 8.1; for checking this one shows that

$$f(f(0 : \sigma, 0 : \sigma), 0 : \sigma) \sim_{R'_s} f(g(0, 0), 0 : \sigma) \sim_{R'_s} f(1 : \mathrm{ones}, 0 : \sigma) \sim_{R'_s} g(1, 0) \sim_{R'_s} \mathrm{zeros}$$

and

$$f(f(1 : \sigma, 1 : \sigma), 1 : \sigma) \sim_{R'_s} f(g(1, 1), 1 : \sigma) \sim_{R'_s} f(0 : \mathrm{zeros}, 1 : \sigma) \sim_{R'_s} g(0, 1) \sim_{R'_s} \mathrm{zeros}$$

by which from the last item of the definition of $\sim_{R'_s}$ one concludes

$$f(f(x : \sigma, x : \sigma), x : \sigma) \sim_{R'_s} \mathrm{zeros},$$

hence

$$c \sim_{R'_s} f(f(c, c), c) \sim_{R'_s} f(f(\mathrm{head}(c) : \mathrm{tail}(c), \mathrm{head}(c) : \mathrm{tail}(c)), \mathrm{head}(c) : \mathrm{tail}(c)) \sim_{R'_s} \mathrm{zeros}.$$
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Next we show how we can use the combination of Lemmas 13.21 and 18.11 and Theorem 
5.1 to prove that the fohowing stream specification admits exactly two models {S, [•]) with 
S = {[t] \tGTs}: 

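$$
\begin{array}{rclrcl}
f(0 : \sigma) & = & 0 : 1 : f(\sigma) & \qquad m & = & f(m) \\
f(1 : \sigma) & = & 1 : 0 : f(\sigma) & \mathsf{tail}(x : \sigma) & = & \sigma.
\end{array}
$$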

Assume we have a model $(S, [\cdot])$ of this specification. Then either $[m](0) = 0$ or $[m](0) = 1$.
In the former case the equation $m = 0 : \mathsf{tail}(m)$ holds, in the latter case the equation
$m = 1 : \mathsf{tail}(m)$ holds. First assume we are in the former case. Then we may add the
equation $m = 0 : \mathsf{tail}(m)$. For this extended system we will prove well-definedness. Note
that the specification is not orthogonal, but for applying Lemmas 3.2 and 8.1 and Theorem
3.4 this is not required. After applying Lemma 3.2 and Theorem 3.4 we arrive at the
(non-proper) specification $R_s$ consisting of

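$$
\begin{array}{rclrcl}
f(x : \sigma) & = & g(x, \sigma) & \qquad m & = & f(m) \\
g(0, \sigma) & = & 0 : 1 : f(\sigma) & m & = & 0 : \mathsf{tail}(m) \\
g(1, \sigma) & = & 1 : 0 : f(\sigma) & c & = & \mathsf{tail}(m) \\
 & & & \mathsf{tail}(x : \sigma) & = & \sigma.
\end{array}
$$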

Now we transform this to the proper specification $R'_s$ consisting of

$$
\begin{array}{rclrcl}
f(x : \sigma) & = & g(x, \sigma) & \qquad m & = & 0 : c \\
g(0, \sigma) & = & 0 : 1 : f(\sigma) & c & = & 1 : f(c) \\
g(1, \sigma) & = & 1 : 0 : f(\sigma) & \mathsf{tail}(x : \sigma) & = & \sigma.
\end{array}
$$

One easily checks that $\ell \sim_{R'_s} r$ for all equations $\ell = r$ in $R_s$ and conversely, so by Lemma
(or even Lemma 3.3) one concludes that this transformation is semantics preserving.
Since $\mathrm{Obs}(R'_s)$ is easily checked to be terminating, this shows that adding $m = 0 : \mathsf{tail}(m)$
to the original specification yields exactly one model with $S = \{[t] \mid t \in T_s\}$. By symmetry
the same holds for the other case, where the equation $m = 1 : \mathsf{tail}(m)$ is added. Without a
proof we mention that the two solutions for $m$ are exactly the Thue-Morse stream morse
from Example [T] and its inverse. 

We conclude this section by an elaboration of the Kolakoski stream. 

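Example 9. The Kolakoski stream Kol is the unique fix point of $g$ defined by

$$
\begin{array}{rclrcl}
g(0 : \sigma) & = & 1 : 1 : f(\sigma) & \qquad f(0 : \sigma) & = & 0 : 0 : g(\sigma) \\
g(1 : \sigma) & = & 1 : f(\sigma) & f(1 : \sigma) & = & 0 : g(\sigma).
\end{array}
$$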

So both for f and g its result on a stream is defined as follows. If a 1 is read, then a
single symbol is produced, and if a 0 is read, then two copies of a symbol are produced. This
producing is done in such a way that the produced elements are alternately 0's and 1's, for
f starting with 0 and for g starting with 1. Due to this procedure in some presentations
instead of 0 the number 2 is written.

Of course we have to prove that g has a unique fix point Kol. Similar to what we saw
for Fib, the fix point equation $\mathsf{Kol} = g(\mathsf{Kol})$ causes non-termination in the observational
variant so we cannot apply our approach directly. In order to prove well-definedness, we
follow the same lines as we did for Fib, with the difference that now we do not start by
unfolding, but postpone unfolding to the end. Start by the four equations for f and g,
and the equations $\mathsf{Kol} = g(\mathsf{Kol})$ and $\mathsf{tail}(x : \sigma) = \sigma$. According to Lemma 3.2 addition of
the equation $K = \mathsf{tail}(\mathsf{tail}(\mathsf{Kol}))$ is semantics preserving. So let $R_s$ consist of all of these
equations for f, g, Kol, tail, K. We will transform this to $R'_s$ consisting of the equations for
f, g, tail, and the two equations

$$\mathsf{Kol} = 1 : 0 : K, \qquad K = 0 : g(K).$$



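Applying unfolding (Theorem 3.4) to $R'_s$ yields a proper stream specification for which
TTT2 and AProVE succeed in proving termination of the observational variant, so by
Lemma 8.1 it remains to show that $\ell \sim_{R'_s} r$ for all $\ell = r$ in $R_s$, and $\ell \sim_{R_s} r$ for all $\ell = r$
in $R'_s$. For doing so, first we show that $\mathsf{head}(g(0 : \sigma)) \sim_{R_s} 1$ and $\mathsf{head}(g(1 : \sigma)) \sim_{R_s} 1$,
so $\mathsf{head}(g(x : \sigma)) \sim_{R_s} 1$, and hence $\mathsf{head}(g(\sigma)) \sim_{R_s} \mathsf{head}(g(\mathsf{head}(\sigma) : \mathsf{tail}(\sigma))) \sim_{R_s} 1$.
Similarly we obtain $\mathsf{head}(f(\sigma)) \sim_{R_s} 0$. Using this we derive

$$\mathsf{Kol} \sim_{R_s} \mathsf{head}(\mathsf{Kol}) : \mathsf{tail}(\mathsf{Kol}) \sim_{R_s} \mathsf{head}(g(\mathsf{Kol})) : \mathsf{tail}(\mathsf{Kol}) \sim_{R_s} 1 : \mathsf{tail}(\mathsf{Kol}),$$

and

$$\mathsf{head}(\mathsf{tail}(\mathsf{Kol})) \sim_{R_s} \mathsf{head}(\mathsf{tail}(g(\mathsf{Kol}))) \sim_{R_s} \mathsf{head}(\mathsf{tail}(g(1 : \mathsf{tail}(\mathsf{Kol})))) \sim_{R_s} \mathsf{head}(\mathsf{tail}(1 : f(\mathsf{tail}(\mathsf{Kol})))) \sim_{R_s} \mathsf{head}(f(\mathsf{tail}(\mathsf{Kol}))) \sim_{R_s} 0,$$

from which $\mathsf{Kol} \sim_{R_s} 1 : 0 : K$ follows. Moreover, we obtain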



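$$
\begin{array}{rcl}
K & \sim_{R_s} & \mathsf{tail}(\mathsf{tail}(\mathsf{Kol})) \\
 & \sim_{R_s} & \mathsf{tail}(\mathsf{tail}(g(\mathsf{Kol}))) \\
 & \sim_{R_s} & \mathsf{tail}(\mathsf{tail}(g(1 : 0 : K))) \\
 & \sim_{R_s} & \mathsf{tail}(\mathsf{tail}(1 : f(0 : K))) \\
 & \sim_{R_s} & \mathsf{tail}(f(0 : K)) \\
 & \sim_{R_s} & \mathsf{tail}(0 : 0 : g(K)) \\
 & \sim_{R_s} & 0 : g(K).
\end{array}
$$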



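For the other direction we have

$$g(\mathsf{Kol}) \sim_{R'_s} g(1 : 0 : K) \sim_{R'_s} 1 : f(0 : K) \sim_{R'_s} 1 : 0 : 0 : g(K) \sim_{R'_s} 1 : 0 : K \sim_{R'_s} \mathsf{Kol}$$

and $K \sim_{R'_s} \mathsf{tail}(\mathsf{tail}(1 : 0 : K)) \sim_{R'_s} \mathsf{tail}(\mathsf{tail}(\mathsf{Kol}))$, concluding the proof.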
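
The two transformed specifications above (the one for m with its two models, and the one for Kol in Example 9) can be unfolded mechanically. The following Python sketch is an added illustration, not code from the paper or its implementation: it computes prefixes of m and Kol from the transformed equations and checks the original fix point equations m = f(m) and Kol = g(Kol) on them. All function names are chosen here, and the second model of m assumes c = 0 : f(c), obtained by the symmetry the text mentions.

```python
from itertools import islice

def run(stream, symbol):
    """Example 9: f = run(., 0), g = run(., 1). Reading 0 emits the current
    symbol twice, reading 1 emits it once; then the symbol flips."""
    for x in stream:
        yield symbol
        if x == 0:
            yield symbol
        symbol = 1 - symbol

def g(stream):
    return run(stream, 1)

def tm(stream):
    """f of the two-model example: f(0:s) = 0:1:f(s), f(1:s) = 1:0:f(s)."""
    for x in stream:
        yield x
        yield 1 - x

def fixpoint_prefix(seed, fn, n):
    """First n elements of the stream c with c = seed ++ fn(c).
    Raises IndexError if fn demands an element of c not yet produced."""
    c = list(seed)

    def reader():              # lazily reads c while it is still growing
        i = 0
        while True:
            yield c[i]
            i += 1

    out = fn(reader())
    while len(c) < n:
        c.append(next(out))
    return c[:n]

def kol_prefix(n):
    """Kol from the transformed equations Kol = 1 : 0 : K, K = 0 : g(K)."""
    return ([1, 0] + fixpoint_prefix([0], g, n))[:n]

def m_prefix(head, n):
    """m from m = head : c, c = (1 - head) : f(c); head = 1 by symmetry."""
    return ([head] + fixpoint_prefix([1 - head], tm, n))[:n]

def satisfies(fn, prefix):
    """Check the fix point equation s = fn(s) on a finite prefix of s."""
    return list(islice(fn(iter(prefix)), len(prefix))) == prefix
```

Calling `fixpoint_prefix([], g, 5)`, that is, unfolding Kol = g(Kol) with no known head, raises IndexError immediately because g must inspect the head of Kol before producing anything; splitting off the first elements, as the transformation does, is what makes the unfolding proceed.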
Although this stream Kol has a very simple and regular definition, the stream seems
to behave remarkably irregular. In contrast to earlier streams we saw, turtle visualizations
of Kol show up hardly any regular pattern: they seem to behave just like randomly
generated boolean streams. For instance, by choosing the angle to be 90 degrees both for
0 and 1, taking the first 50000 elements of Kol yields the following turtle visualization:

9. Conclusions and Further Research

We presented a technique by which well-definedness of stream specifications like
Example 3 can be proved fully automatically, where a tool like Circ [121 E] fails, and the
productivity tool [Ij fails to prove productivity. The main idea is to prove well-definedness
by proving termination of a transformed system $\mathrm{Obs}(R_s)$, in this way exploiting the power
of present termination provers.

We observed that productivity of the stream specification cannot be concluded from
termination of $\mathrm{Obs}(R_s)$. Intuitively, productivity is closely related to termination; we leave
as a challenge to further relate termination with productivity of stream specifications. A
first step in this direction was made in [21]. There it was proved that productivity of a
stream specification is equivalent to balanced outermost termination of the specification
extended by an extra rule $x : \sigma \to \mathsf{overflow}$. Here an infinite reduction is called balanced
outermost if only outermost redexes are reduced, and in the choice of them some fairness
condition holds. As there are powerful techniques to prove outermost termination
automatically [5], this can be used to prove productivity fully automatically. Unfortunately,
as soon as binary operations like zip come in, typically the notions outermost termination
and balanced outermost termination do not coincide: for many productive stream
specifications the extension by the overflow rule is not outermost terminating, by which this
approach fails. Instead in [20] some basic criteria for productivity have been investigated
together with relationship with context-sensitive termination. Combined with a number of
transformations and corresponding heuristics, this yields a powerful technique for proving
productivity automatically, supported by an implementation. This approach exploits the
power of present termination provers for proving productivity, just like we do in this paper
for proving well-definedness.

We offer an implementation for computing $\mathrm{Obs}(R_s)$ automatically, by which proving
well-definedness can be done fully automatically in case the approach applies directly. For
cases for which the approach does not apply directly, in Section 3 and Section 8 we developed
techniques to transform stream specifications in such a way that semantics and
well-definedness is preserved, and often our approach applies to the transformed specifications.
Among these techniques only unfolding (Theorem 3.4) is supported by our implementation.
For the other techniques some heuristics will be required. For the Fibonacci stream
(Example 7) and the Kolakoski stream (Example 9) the following heuristics turned out to be
successful:

• Identify a non-productive constant c. In both mentioned examples this is the stream to
be defined, for which the equation is of the shape c = f(c).

• Determine the first element d of the stream represented by c.

• Introduce a fresh constant c', and introduce the equation c = d : c'.

• Using both the original equations and this new equation c = d : c' try to find a sound
equation c' = t in which t is a term containing c', but not c.

• Replace the original equation c = ··· by the two new equations c = d : c' and c' = t, and
check whether this transformation is semantics preserving.

• In case this approach fails, try the generalization in which the first n elements $d_1, \ldots, d_n$
of the stream represented by c are determined for some small value n, and the equation
$c = d_1 : d_2 : \cdots : d_n : c'$ is introduced for a fresh constant c'.

Another approach of using the techniques of Section 3 and Section 8 is proving
well-definedness of a stream specification by proving productivity of all ground terms in a
transformed specification, e.g., by the approach of [20]. Since productivity implies
well-definedness and the transformation preserves semantics, this implies well-definedness of the
original specification.

In Section [S] we used the technical assumption that the model is closed under tail. This 
was forced by assuming the equation $\mathsf{tail}(x : \sigma) = \sigma$. We conjecture that for the validity
of the approach this is not essential. More precisely, we conjecture that a stream specification
$(\Sigma_d, \Sigma_s, R_d, R_s)$ with $\mathsf{tail} \notin \Sigma_s$ is well-defined if and only if the extended specification
$(\Sigma_d, \Sigma_s \cup \{\mathsf{tail}\}, R_d, R_s \cup \{\mathsf{tail}(x : \sigma) = \sigma\})$ is well-defined. This looks trivial as tail does
not occur in the original specification, so is not expected to influence anything. However,
giving a formal proof causes problems. The reason is that the model for $(\Sigma_d, \Sigma_s, R_d, R_s)$
may not be closed under [tail]. In fact we can even prove that in the model $(S, [\cdot])$ for the
Fib example satisfying $S = \{[t] \mid t \in T_s\}$, the tail of Fib is not contained in S. A problem is
how to lift [f] defined on S to the larger model that is closed under tail. For the particular
Fib example a solution can be given, but for the general setting we failed.

This paper purely focuses on streams over a fixed data set D; in all examples even 
D consists of the booleans. It is expected that the approach can be generalized to other 
infinite data types like infinite binary trees. A suitable format for this more general kind of 
infinite data structures has been given in [20]. In such a setting destructors can be defined
as inverses of the constructors, just like in this paper we introduced (head, tail) as the
inverse of ':'. Similar to what we did in this paper for streams, in this more general setting
a specification consisting of equations on terms over constructors and user defined symbols 
will be transformed to an observational variant, being a rewrite system over destructors 
and the user defined symbols. Just like we did in this paper for the special case of streams, 
this rewrite system serves for observing data. It is orthogonal by construction, and well- 
definedness can be concluded from termination. Although the agenda for this approach 
for other infinite data structures is similar to what we did in this paper, this has not been 
elaborated in detail. 